PUM.Bad.Proxy removal


  • This topic is locked
17 replies to this topic

#1 drummond99

drummond99

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 08 August 2014 - 03:42 PM

Hi, I'm getting pop-ups constantly on Chrome for the last 2 days; it's barely usable with them all. I have identified 4 reg entries, all in HKU\NUMBER LETTERS BLAH BLAH FOR EXAMPLE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\proxy server. Malwarebytes removes them, but on restart they are back and so are the pop-ups. I've tried FRST and AdwCleaner too, but I really don't know what else to do, bar deleting the reg entries I think may be the problem, but I'm not confident enough to try this. Any suggestions?


Edited by drummond99, 08 August 2014 - 03:58 PM.


#2 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 08 August 2014 - 03:55 PM

I have attached a screenshot of the 4 reg entries.



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 09 August 2014 - 02:04 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 10 August 2014 - 06:49 AM

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Drummond (administrator) on DRUMMOND-PC on 10-08-2014 12:45:36
Running from C:\Users\Drummond\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
() C:\Windows\Microsoft\sogr\WindowsUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\PicRec\runtime\win32\Privoxy\privoxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1571072 2013-11-20] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-31] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\MountPoints2: {8d9cb889-ed24-11e2-acfd-50e54940ade2} - F:\LaunchU3.exe
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC245412C8EE4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Drummond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-28]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.co.uk/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-28]
CHR Extension: (Google Search) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-28]
CHR Extension: (Logitech SetPoint) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-04-01]
CHR Extension: (Gmail) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-28]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-11-20] (Bitdefender)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [419592 2011-06-05] (Future Systems Solutions, Inc.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-14] (Gigabyte Technology CO., LTD.) [File not signed]
R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-07-24] () [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-11-20] (Bitdefender)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-11] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-16] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-20] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-09-02] (C-Media Inc)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-28] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-03] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-03] (BitDefender S.R.L.)
R3 ALSysIO; \??\C:\Users\Drummond\AppData\Local\Temp\ALSysIO64.sys [X]
U4 bdselfpr;

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
Corporation) C:\Windows\system32\schannel.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-11 09:02 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-11 09:02 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-11 09:02 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 09:02 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 09:02 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-11 09:02 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-11 
09:02 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-11 09:02 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-11 09:02 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-10 12:45 - 2014-08-10 12:45 - 00018835 _____ () C:\Users\Drummond\Desktop\FRST.txt 2014-08-10 12:45 - 2014-08-10 12:45 - 00000000 ____D () C:\Users\Drummond\Desktop\FRST-OlderVersion 2014-08-10 12:45 - 2014-08-08 20:20 - 00000000 ____D () C:\FRST 2014-08-10 12:45 - 2014-08-08 20:10 - 02093568 _____ (Farbar) C:\Users\Drummond\Desktop\FRST64.exe 2014-08-10 12:42 - 2012-12-29 23:49 - 00000401 _____ () C:\Windows\system32\checkdnsid.xml 2014-08-10 12:38 - 2012-12-28 08:33 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336.job 2014-08-10 12:34 - 2012-12-28 00:35 - 01307618 ____N () C:\Windows\WindowsUpdate.log 2014-08-10 12:34 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-10 12:34 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-10 12:32 - 2012-12-28 01:27 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-10 12:32 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-10 12:27 - 2014-08-06 23:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-10 12:27 - 2012-12-28 00:53 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-08-10 12:26 - 2012-12-28 08:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d.job 2014-08-10 12:26 - 
2012-12-28 01:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-10 12:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-09 11:43 - 2012-12-28 02:04 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Winamp 2014-08-08 21:47 - 2014-08-08 21:47 - 00189384 _____ () C:\Users\Public\Desktop\bdsyslog.zip 2014-08-08 21:44 - 2014-08-08 21:44 - 04773936 _____ (Bitdefender S.R.L) C:\Users\Drummond\Desktop\BDSysLog_i.exe 2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\Users\Drummond\Desktop\rkill 2014-08-08 21:25 - 2014-08-08 21:25 - 00000000 ___SD () C:\ComboFix 2014-08-08 21:25 - 2014-08-08 21:16 - 00000000 ____D () C:\Qoobox 2014-08-08 21:16 - 2014-08-08 21:16 - 00000000 ____D () C:\Windows\erdnt 2014-08-08 21:15 - 2014-08-08 21:15 - 05568206 ____R (Swearware) C:\Users\Drummond\Desktop\ComboFix.exe 2014-08-08 21:15 - 2014-08-08 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Drummond\Desktop\rkill.exe 2014-08-08 21:14 - 2014-08-08 21:14 - 00688992 _____ (Swearware) C:\Users\Drummond\Desktop\dds.com 2014-08-08 20:23 - 2014-08-08 19:37 - 00000000 ____D () C:\AdwCleaner 2014-08-08 20:12 - 2014-08-08 20:12 - 04872677 _____ () C:\Users\Drummond\Downloads\mbam-chameleon-3.1.4.0.zip 2014-08-08 20:05 - 2014-08-08 20:05 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Drummond\Downloads\SpyHunter-Installer.exe 2014-08-08 19:37 - 2014-08-08 19:37 - 01366203 _____ () C:\Users\Drummond\Desktop\adwcleaner_3.304.exe 2014-08-08 19:36 - 2014-08-08 19:36 - 00961360 _____ (Chip Digital GmbH) C:\Users\Drummond\Downloads\adwcleaner.exe 2014-08-08 19:34 - 2014-08-08 19:34 - 01475072 _____ () C:\Users\Drummond\Downloads\adwcleaner_3.303.exe 2014-08-08 13:16 - 2012-12-28 02:22 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Azureus 2014-08-08 11:14 - 2014-08-08 11:14 - 00001126 _____ () C:\Users\Drummond\Documents\cc_20140808_111433.reg 2014-08-08 10:47 - 2014-08-08 10:47 - 00016638 _____ () C:\Users\Drummond\Downloads\How.To.Train.Your.Dragon.2.2014.CAM.XviD-FORZA.avi.torrent 2014-08-06 23:18 - 2014-08-06 16:46 - 00000000 ____D () C:\ProgramData\gNxeLQ 2014-08-06 23:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-06 23:06 - 2014-08-06 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-06 17:54 - 2014-08-06 17:16 - 00000000 ____D () C:\Users\Drummond\Desktop\minecraft xbox 2014-08-06 17:50 - 2013-05-10 15:37 - 00084689 _____ () C:\Windows\SysWOW64\debug.log 2014-08-06 17:45 - 2014-08-06 17:45 - 00027896 _____ () C:\Users\Drummond\Documents\cc_20140806_174520.reg 2014-08-06 17:02 - 2014-08-06 17:02 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\PowerISO 2014-08-06 16:51 - 2014-08-06 16:48 - 00001282 _____ () C:\Users\Public\Desktop\Horizon.lnk 2014-08-06 16:51 - 2014-08-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon 2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () 
C:\Users\Drummond\AppData\Local\Daring_Development_Inc 2014-08-06 16:48 - 2014-08-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Daring Development 2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Program Files (x86)\PicRec 2014-08-06 12:30 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Party Buffalo Drive Explorer 2014-08-06 12:30 - 2014-08-04 11:59 - 00000000 ____D () C:\Users\Drummond\AppData\Local\_ 2014-08-06 10:48 - 2012-12-28 02:26 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-05 22:04 - 2014-01-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-08-05 22:04 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-04 09:28 - 2013-01-15 00:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-04 09:28 - 2013-01-15 00:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-30 07:48 - 2014-04-19 20:59 - 00000188 _____ () C:\Users\Drummond\Desktop\films.txt 2014-07-24 18:56 - 2013-03-15 11:00 - 00011938 _____ () C:\Users\Drummond\Documents\web.xlsx 2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 10:55 - 2013-03-13 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-22 12:45 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-21 11:09 - 2012-12-28 17:06 - 00037154 _____ () C:\Users\Drummond\Documents\garden.xlsx 2014-07-18 09:44 - 2014-07-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 09:44 - 2014-07-18 09:43 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 09:44 - 2014-01-18 01:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-18 09:44 - 
2014-01-18 01:32 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-15 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-07-13 15:44 - 2014-07-03 23:46 - 00028160 _____ () C:\Users\Drummond\Desktop\car.xls 2014-07-12 10:47 - 2014-07-12 10:47 - 00001262 _____ () C:\Users\Drummond\Documents\cc_20140712_104734.reg 2014-07-11 17:19 - 2009-07-14 05:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-11 09:20 - 2009-07-14 08:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-11 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-11 09:08 - 2012-12-28 08:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-11 09:07 - 2013-07-11 08:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-11 09:06 - 2012-12-28 03:26 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-11 03:02 - 2014-07-18 09:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-18 09:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-18 09:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-18 09:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:14

==================== End Of Log ============================

ADDITION.TXT FILE

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Drummond at 2014-08-10 12:45:53
Running from C:\Users\Drummond\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.29.0.1830 - Bitdefender) Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - ) Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Easy Tune 6 B11.0512.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.0512.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology) Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive) FreeRIP 3.92 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.92 - GreenTree Applications SRL) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Horizon v2.7.9.3 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.3 - Daring Development Inc.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) 
Hidden Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) OJOsoft Total Video Converter (HKLM-x32\...\OJOsoft Total Video Converter_is1) (Version: 2.7.2.1017 - OJOsoft) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE) TagScanner 5.1.625 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) TouchBIOS B11.0512.1 (HKLM-x32\...\{A2EBACDD-09BB-4894-AE25-7168DB3BFA7F}) (Version: 1.00.0000 - GIGABYTE) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update Manager B10.0728.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.) 
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Xilisoft DPG Converter (HKLM-x32\...\Xilisoft DPG Converter) (Version: 5.1.23.0515 - Xilisoft) ZEN Vision:M Series Media Explorer (HKLM-x32\...\ZEN Vision:M Series Media Explorer) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3395828480-1802922398-3001359867-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-08-2014 20:25:08 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0EC75549-1FB3-424F-9A92-8DB1AE925D90} - System32\Tasks\{A25CDF43-49F2-4170-A804-2CCC34420BF6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1618
Task: {57113443-18EB-4A57-AC87-6755E585572D} - System32\Tasks\Core Temp Autostart Drummond => C:\Program Files\Core Temp\Core Temp.exe [2012-10-15] ()
Task: {6A168F5C-DCCA-442B-A0B3-77CF4E7D2F0E} - System32\Tasks\{5C17D3B4-82C8-4EED-800B-8F9C8BED9413} => C:\Users\Drummond\Downloads\ZNVM_PCApp64_LA_6_21_10.exe
Task: {7202D5E8-2042-4A32-B227-8AC1122FCF58} - System32\Tasks\Future Systems Solutions\Casper\My SSD Backup => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.)
Task: {8E1DDE23-D143-43F1-9AD2-A1BF06E50777} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {8F3870DC-0052-4412-8CE5-BE710984FAA4} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.)
Task: {94902C1D-436D-47E1-A330-492F4B644A8C} - System32\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {997FF8A2-9664-4937-B4EA-860CE7D6BF33} - System32\Tasks\{1988AA97-1C62-459D-A763-DA6F4C8E6F3C} => C:\Users\Drummond\Downloads\ZNVM_PCApp64_LA_6_21_10.exe
Task: {99939AAA-7690-4AE3-B89A-2C4B87607E71} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9E165044-CE96-4479-95AE-D136C5AB4106} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {B78B68C1-89AF-4DA7-835E-A6705A7B8B82} - System32\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {F30DE6B1-BEE8-4DA0-9A47-9796F576C031} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-27 23:40 - 2013-08-27 23:40 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-08-27 23:40 - 2013-08-27 23:40 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-05-08 16:05 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-05-08 16:05 - 2013-08-27 23:40 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-24 10:52 - 2014-07-24 10:52 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpbr.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpdsp.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpph.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttprbl.mdl
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 00:23 - 2010-10-21 00:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-28 18:45 - 2012-10-15 06:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-08-06 16:46 - 2014-07-24 11:53 - 00018944 _____ () C:\Windows\Microsoft\sogr\WindowsUpdater.exe
2013-05-08 16:05 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2012-12-28 00:40 - 2011-04-10 03:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00006144 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00008704 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00007680 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
2013-05-22 20:04 - 2013-05-22 20:04 - 00400704 _____ () C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2012-11-28 23:13 - 2012-11-28 23:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 23:13 - 2012-11-28 23:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00007168 _____ () C:\Windows\Microsoft\sogr\ConfigurationData.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00015872 _____ () C:\Windows\Microsoft\sogr\Installer.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00015360 _____ () C:\Windows\Microsoft\sogr\BaseLibrary.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00055296 _____ () C:\Windows\Microsoft\sogr\InstallerLibrary.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 00:45 - 2010-10-21 00:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 16:47 - 2014-08-10 12:27 - 00086528 _____ () C:\Program Files (x86)\PicRec\runtime\win32\Privoxy\mgwz.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Drummond\Desktop\adwcleaner_3.304.exe:BDU AlternateDataStreams: C:\Users\Drummond\Desktop\BDSysLog_i.exe:BDU AlternateDataStreams: C:\Users\Drummond\Desktop\ComboFix.exe:BDU AlternateDataStreams: C:\Users\Drummond\Desktop\dds.com:BDU AlternateDataStreams: C:\Users\Drummond\Desktop\rkill.exe:BDU AlternateDataStreams: C:\Users\Drummond\Downloads\adwcleaner.exe:BDU AlternateDataStreams: C:\Users\Drummond\Downloads\adwcleaner_3.303.exe:BDU AlternateDataStreams: C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe:BDU AlternateDataStreams: C:\Users\Drummond\Downloads\SpyHunter-Installer.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. 
0xc0041801 (0xc0041801) Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8019 Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8019 Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7020 Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7020 Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6006 Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6006 System errors: ============= Error: (08/08/2014 09:27:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service. Error: (08/08/2014 09:26:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The sogr service terminated unexpectedly. It has done this 1 time(s). 
Error: (08/08/2014 09:26:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s). Error: (08/08/2014 08:18:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service. Error: (08/08/2014 01:48:39 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/08/2014 11:21:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service. Error: (08/05/2014 10:07:25 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (08/05/2014 01:27:43 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d45\??\C:\System Volume Information\Syscache.hve Error: (08/03/2014 03:49:23 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (08/01/2014 07:36:18 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Microsoft Office Sessions: ========================= Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) The catalog is corrupt Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: The content index catalog is corrupt. 
0xc0041801 (0xc0041801) 2350 Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8019 Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8019 Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7020 Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7020 Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6006 Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6006 CodeIntegrity Errors: =================================== Date: 2013-05-08 15:54:49.321 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-08 15:37:48.789 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-05-08 15:27:44.768 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-08 15:17:39.799 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-08 08:38:38.471 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-08 08:31:04.332 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-07 21:33:45.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-07 20:46:58.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-05-07 20:26:50.660 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-05-07 14:37:24.734 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 16301.11 MB Available physical RAM: 12756.95 MB Total Pagefile: 32600.4 MB Available Pagefile: 28641.32 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:238.37 GB) (Free:22.7 GB) NTFS Drive d: (Backup D) (Fixed) (Total:279.45 GB) (Free:78.55 GB) NTFS Drive i: (Vuze Drive) (Fixed) (Total:1504.32 GB) (Free:1282.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: ADCC52F7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3E471D12) Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1504 GB) - (Type=07 NTFS) ==================== End Of Log ============================

#5 drummond99

Posted 10 August 2014 - 06:52 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01 Ran by Drummond at 2014-08-10 12:45:53 Running from C:\Users\Drummond\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.29.0.1830 - Bitdefender) Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - ) Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Easy Tune 6 B11.0512.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B11.0512.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology) Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive) FreeRIP 3.92 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.92 - GreenTree Applications SRL) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Horizon v2.7.9.3 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.3 - Daring Development Inc.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) 
Hidden Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) OJOsoft Total Video Converter (HKLM-x32\...\OJOsoft Total Video Converter_is1) (Version: 2.7.2.1017 - OJOsoft) ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE) TagScanner 5.1.625 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) TouchBIOS B11.0512.1 (HKLM-x32\...\{A2EBACDD-09BB-4894-AE25-7168DB3BFA7F}) (Version: 1.00.0000 - GIGABYTE) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update Manager B10.0728.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.) 
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Xilisoft DPG Converter (HKLM-x32\...\Xilisoft DPG Converter) (Version: 5.1.23.0515 - Xilisoft) ZEN Vision:M Series Media Explorer (HKLM-x32\...\ZEN Vision:M Series Media Explorer) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3395828480-1802922398-3001359867-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-08-2014 20:25:08 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0EC75549-1FB3-424F-9A92-8DB1AE925D90} - System32\Tasks\{A25CDF43-49F2-4170-A804-2CCC34420BF6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1618 Task: {57113443-18EB-4A57-AC87-6755E585572D} - System32\Tasks\Core Temp Autostart Drummond => C:\Program Files\Core Temp\Core Temp.exe [2012-10-15] () Task: {6A168F5C-DCCA-442B-A0B3-77CF4E7D2F0E} - System32\Tasks\{5C17D3B4-82C8-4EED-800B-8F9C8BED9413} => C:\Users\Drummond\Downloads\ZNVM_PCApp64_LA_6_21_10.exe Task: {7202D5E8-2042-4A32-B227-8AC1122FCF58} - System32\Tasks\Future Systems Solutions\Casper\My SSD Backup => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.) Task: {8E1DDE23-D143-43F1-9AD2-A1BF06E50777} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.) Task: {8F3870DC-0052-4412-8CE5-BE710984FAA4} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2011-06-05] (Future Systems Solutions, Inc.) Task: {94902C1D-436D-47E1-A330-492F4B644A8C} - System32\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.) Task: {997FF8A2-9664-4937-B4EA-860CE7D6BF33} - System32\Tasks\{1988AA97-1C62-459D-A763-DA6F4C8E6F3C} => C:\Users\Drummond\Downloads\ZNVM_PCApp64_LA_6_21_10.exe Task: {99939AAA-7690-4AE3-B89A-2C4B87607E71} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {9E165044-CE96-4479-95AE-D136C5AB4106} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.) 
Task: {B78B68C1-89AF-4DA7-835E-A6705A7B8B82} - System32\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {F30DE6B1-BEE8-4DA0-9A47-9796F576C031} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-27 23:40 - 2013-08-27 23:40 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-08-27 23:40 - 2013-08-27 23:40 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-05-08 16:05 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-05-08 16:05 - 2013-08-27 23:40 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-24 10:52 - 2014-07-24 10:52 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpbr.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpdsp.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttpph.mdl
2014-07-24 10:52 - 2014-07-24 10:52 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_024\ashttprbl.mdl
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 00:23 - 2010-10-21 00:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-28 18:45 - 2012-10-15 06:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-08-06 16:46 - 2014-07-24 11:53 - 00018944 _____ () C:\Windows\Microsoft\sogr\WindowsUpdater.exe
2013-05-08 16:05 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2012-12-28 00:40 - 2011-04-10 03:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00006144 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00008704 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll
2012-12-28 18:44 - 2012-12-28 18:44 - 00007680 _____ () C:\Users\Drummond\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll
2013-05-22 20:04 - 2013-05-22 20:04 - 00400704 _____ () C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2012-11-28 23:13 - 2012-11-28 23:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 23:13 - 2012-11-28 23:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00007168 _____ () C:\Windows\Microsoft\sogr\ConfigurationData.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00015872 _____ () C:\Windows\Microsoft\sogr\Installer.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00015360 _____ () C:\Windows\Microsoft\sogr\BaseLibrary.dll
2014-08-06 16:46 - 2014-07-24 11:53 - 00055296 _____ () C:\Windows\Microsoft\sogr\InstallerLibrary.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 00:45 - 2010-10-21 00:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 16:47 - 2014-08-10 12:27 - 00086528 _____ () C:\Program Files (x86)\PicRec\runtime\win32\Privoxy\mgwz.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-21 10:44 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Drummond\Desktop\adwcleaner_3.304.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Desktop\BDSysLog_i.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Desktop\dds.com:BDU
AlternateDataStreams: C:\Users\Drummond\Desktop\rkill.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Downloads\adwcleaner.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Downloads\adwcleaner_3.303.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Drummond\Downloads\SpyHunter-Installer.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

System errors:
=============
Error: (08/08/2014 09:27:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (08/08/2014 09:26:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The sogr service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2014 09:26:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2014 08:18:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (08/08/2014 01:48:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/08/2014 11:21:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (08/05/2014 10:07:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/05/2014 01:27:43 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d45\??\C:\System Volume Information\Syscache.hve

Error: (08/03/2014 03:49:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/01/2014 07:36:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Microsoft Office Sessions:
=========================
Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) The catalog is corrupt

Error: (08/06/2014 11:27:53 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801) 2350

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (08/06/2014 00:38:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020

Error: (08/06/2014 00:38:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (08/06/2014 00:38:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

CodeIntegrity Errors:
===================================
Date: 2013-05-08 15:54:49.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 15:37:48.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 15:27:44.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 15:17:39.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 08:38:38.471
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-08 08:31:04.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-07 21:33:45.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-07 20:46:58.628
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-07 20:26:50.660
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-05-07 14:37:24.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00188_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 16301.11 MB
Available physical RAM: 12756.95 MB
Total Pagefile: 32600.4 MB
Available Pagefile: 28641.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:238.37 GB) (Free:22.7 GB) NTFS
Drive d: (Backup D) (Fixed) (Total:279.45 GB) (Free:78.55 GB) NTFS
Drive i: (Vuze Drive) (Fixed) (Total:1504.32 GB) (Free:1282.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: ADCC52F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3E471D12)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1504 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Drummond (administrator) on DRUMMOND-PC on 10-08-2014 12:45:36
Running from C:\Users\Drummond\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
() C:\Windows\Microsoft\sogr\WindowsUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\PicRec\runtime\win32\Privoxy\privoxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1571072 2013-11-20] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-31] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\MountPoints2: {8d9cb889-ed24-11e2-acfd-50e54940ade2} - F:\LaunchU3.exe
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC245412C8EE4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Drummond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-28]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.co.uk/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-28]
CHR Extension: (Google Search) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-28]
CHR Extension: (Logitech SetPoint) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-04-01]
CHR Extension: (Gmail) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-11-20] (Bitdefender)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [419592 2011-06-05] (Future Systems Solutions, Inc.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-14] (Gigabyte Technology CO., LTD.) [File not signed]
R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-07-24] () [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-11-20] (Bitdefender)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-11] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-16] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-20] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-09-02] (C-Media Inc)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-28] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-03] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-03] (BitDefender S.R.L.)
R3 ALSysIO; \??\C:\Users\Drummond\AppData\Local\Temp\ALSysIO64.sys [X]
U4 bdselfpr;

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-10 12:45 - 2014-08-10 12:45 - 00018835 _____ () C:\Users\Drummond\Desktop\FRST.txt 2014-08-10 12:45 - 2014-08-10 12:45 - 00000000 ____D () C:\Users\Drummond\Desktop\FRST-OlderVersion 2014-08-08 21:47 - 2014-08-08 21:47 - 00189384 _____ () C:\Users\Public\Desktop\bdsyslog.zip 2014-08-08 21:44 - 2014-08-08 21:44 - 04773936 _____ (Bitdefender S.R.L) C:\Users\Drummond\Desktop\BDSysLog_i.exe 2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\Users\Drummond\Desktop\rkill 2014-08-08 21:25 - 2014-08-08 21:25 - 00000000 ___SD () C:\ComboFix 2014-08-08 21:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-08 21:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-08 21:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-08 21:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-08 21:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-08 21:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-08 21:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-08 21:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-08 21:16 - 2014-08-08 21:25 - 00000000 ____D () C:\Qoobox 2014-08-08 21:16 - 2014-08-08 21:16 - 00000000 ____D () C:\Windows\erdnt 2014-08-08 21:15 - 2014-08-08 21:15 - 05568206 ____R (Swearware) C:\Users\Drummond\Desktop\ComboFix.exe 2014-08-08 21:15 - 2014-08-08 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Drummond\Desktop\rkill.exe 2014-08-08 21:14 - 2014-08-08 21:14 - 00688992 _____ (Swearware) C:\Users\Drummond\Desktop\dds.com 2014-08-08 20:20 - 2014-08-10 12:45 - 00000000 ____D () C:\FRST 2014-08-08 20:12 - 2014-08-08 20:12 - 04872677 _____ () C:\Users\Drummond\Downloads\mbam-chameleon-3.1.4.0.zip 2014-08-08 20:10 - 2014-08-10 12:45 - 02093568 _____ (Farbar) C:\Users\Drummond\Desktop\FRST64.exe 2014-08-08 20:05 - 2014-08-08 20:05 - 00728960 _____ (Enigma Software Group USA, 
LLC.) C:\Users\Drummond\Downloads\SpyHunter-Installer.exe 2014-08-08 19:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-08 19:37 - 2014-08-08 20:23 - 00000000 ____D () C:\AdwCleaner 2014-08-08 19:37 - 2014-08-08 19:37 - 01366203 _____ () C:\Users\Drummond\Desktop\adwcleaner_3.304.exe 2014-08-08 19:36 - 2014-08-08 19:36 - 00961360 _____ (Chip Digital GmbH) C:\Users\Drummond\Downloads\adwcleaner.exe 2014-08-08 19:34 - 2014-08-08 19:34 - 01475072 _____ () C:\Users\Drummond\Downloads\adwcleaner_3.303.exe 2014-08-08 11:14 - 2014-08-08 11:14 - 00001126 _____ () C:\Users\Drummond\Documents\cc_20140808_111433.reg 2014-08-08 10:47 - 2014-08-08 10:47 - 00016638 _____ () C:\Users\Drummond\Downloads\How.To.Train.Your.Dragon.2.2014.CAM.XviD-FORZA.avi.torrent 2014-08-06 23:08 - 2014-08-10 12:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-06 23:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-06 23:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-06 23:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-06 23:06 - 2014-08-06 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-06 17:45 - 2014-08-06 17:45 - 00027896 _____ () C:\Users\Drummond\Documents\cc_20140806_174520.reg 2014-08-06 17:16 - 2014-08-06 17:54 - 00000000 ____D () C:\Users\Drummond\Desktop\minecraft xbox 2014-08-06 17:02 - 2014-08-06 17:02 - 
00000000 ____D () C:\Users\Drummond\AppData\Roaming\PowerISO 2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\Users\Drummond\AppData\Local\Daring_Development_Inc 2014-08-06 16:48 - 2014-08-06 16:51 - 00001282 _____ () C:\Users\Public\Desktop\Horizon.lnk 2014-08-06 16:48 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon 2014-08-06 16:48 - 2014-08-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Daring Development 2014-08-06 16:46 - 2014-08-06 23:18 - 00000000 ____D () C:\ProgramData\gNxeLQ 2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Program Files (x86)\PicRec 2014-08-06 12:30 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Party Buffalo Drive Explorer 2014-08-04 11:59 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Local\_ 2014-07-18 09:44 - 2014-07-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 09:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-18 09:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-18 09:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-18 09:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-18 09:43 - 2014-07-18 09:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-12 10:47 - 2014-07-12 10:47 - 00001262 _____ () C:\Users\Drummond\Documents\cc_20140712_104734.reg 2014-07-11 09:03 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-11 09:03 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-11 09:03 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-11 09:03 - 2014-06-19 02:06 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2014-07-11 09:03 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-11 09:03 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-11 09:03 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-11 09:03 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-11 09:03 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-11 09:03 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-11 09:03 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-11 09:03 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-11 09:03 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-11 09:03 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-11 09:03 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-11 09:03 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-11 09:03 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-11 09:03 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-11 09:03 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-11 09:03 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-11 09:03 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-11 09:03 - 2014-06-19 00:53 - 
00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-11 09:03 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-11 09:03 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-11 09:03 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-11 09:03 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-11 09:03 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-11 09:03 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-11 09:03 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-11 09:03 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-11 09:03 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-11 09:03 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-11 09:03 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-11 09:03 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-11 09:03 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-11 09:03 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-11 09:03 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-11 09:03 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-11 09:03 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-11 09:03 - 2014-06-19 00:12 - 00367616 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-11 09:03 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-11 09:03 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-11 09:03 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-11 09:03 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-11 09:03 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-11 09:03 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-11 09:03 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-11 09:03 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-11 09:03 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-11 09:03 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-11 09:03 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-11 09:03 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-11 09:03 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-11 09:03 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-11 09:03 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-11 09:03 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00340992 _____ (Microsoft 
Corporation) C:\Windows\system32\schannel.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-11 09:03 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-11 09:03 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-11 09:02 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-11 09:02 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-11 09:02 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 09:02 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 09:02 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-11 09:02 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-11 
09:02 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-11 09:02 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-11 09:02 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-10 12:45 - 2014-08-10 12:45 - 00018835 _____ () C:\Users\Drummond\Desktop\FRST.txt 2014-08-10 12:45 - 2014-08-10 12:45 - 00000000 ____D () C:\Users\Drummond\Desktop\FRST-OlderVersion 2014-08-10 12:45 - 2014-08-08 20:20 - 00000000 ____D () C:\FRST 2014-08-10 12:45 - 2014-08-08 20:10 - 02093568 _____ (Farbar) C:\Users\Drummond\Desktop\FRST64.exe 2014-08-10 12:42 - 2012-12-29 23:49 - 00000401 _____ () C:\Windows\system32\checkdnsid.xml 2014-08-10 12:38 - 2012-12-28 08:33 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336.job 2014-08-10 12:34 - 2012-12-28 00:35 - 01307618 ____N () C:\Windows\WindowsUpdate.log 2014-08-10 12:34 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-10 12:34 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-10 12:32 - 2012-12-28 01:27 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-10 12:32 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-10 12:27 - 2014-08-06 23:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-10 12:27 - 2012-12-28 00:53 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-08-10 12:26 - 2012-12-28 08:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d.job 2014-08-10 12:26 - 
2012-12-28 01:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-10 12:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-09 11:43 - 2012-12-28 02:04 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Winamp 2014-08-08 21:47 - 2014-08-08 21:47 - 00189384 _____ () C:\Users\Public\Desktop\bdsyslog.zip 2014-08-08 21:44 - 2014-08-08 21:44 - 04773936 _____ (Bitdefender S.R.L) C:\Users\Drummond\Desktop\BDSysLog_i.exe 2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\Users\Drummond\Desktop\rkill 2014-08-08 21:25 - 2014-08-08 21:25 - 00000000 ___SD () C:\ComboFix 2014-08-08 21:25 - 2014-08-08 21:16 - 00000000 ____D () C:\Qoobox 2014-08-08 21:16 - 2014-08-08 21:16 - 00000000 ____D () C:\Windows\erdnt 2014-08-08 21:15 - 2014-08-08 21:15 - 05568206 ____R (Swearware) C:\Users\Drummond\Desktop\ComboFix.exe 2014-08-08 21:15 - 2014-08-08 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Drummond\Desktop\rkill.exe 2014-08-08 21:14 - 2014-08-08 21:14 - 00688992 _____ (Swearware) C:\Users\Drummond\Desktop\dds.com 2014-08-08 20:23 - 2014-08-08 19:37 - 00000000 ____D () C:\AdwCleaner 2014-08-08 20:12 - 2014-08-08 20:12 - 04872677 _____ () C:\Users\Drummond\Downloads\mbam-chameleon-3.1.4.0.zip 2014-08-08 20:05 - 2014-08-08 20:05 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Drummond\Downloads\SpyHunter-Installer.exe 2014-08-08 19:37 - 2014-08-08 19:37 - 01366203 _____ () C:\Users\Drummond\Desktop\adwcleaner_3.304.exe 2014-08-08 19:36 - 2014-08-08 19:36 - 00961360 _____ (Chip Digital GmbH) C:\Users\Drummond\Downloads\adwcleaner.exe 2014-08-08 19:34 - 2014-08-08 19:34 - 01475072 _____ () C:\Users\Drummond\Downloads\adwcleaner_3.303.exe 2014-08-08 13:16 - 2012-12-28 02:22 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Azureus 2014-08-08 11:14 - 2014-08-08 11:14 - 00001126 _____ () C:\Users\Drummond\Documents\cc_20140808_111433.reg 2014-08-08 10:47 - 2014-08-08 10:47 - 00016638 _____ () C:\Users\Drummond\Downloads\How.To.Train.Your.Dragon.2.2014.CAM.XviD-FORZA.avi.torrent 2014-08-06 23:18 - 2014-08-06 16:46 - 00000000 ____D () C:\ProgramData\gNxeLQ 2014-08-06 23:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-08-06 23:06 - 2014-08-06 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-06 17:54 - 2014-08-06 17:16 - 00000000 ____D () C:\Users\Drummond\Desktop\minecraft xbox 2014-08-06 17:50 - 2013-05-10 15:37 - 00084689 _____ () C:\Windows\SysWOW64\debug.log 2014-08-06 17:45 - 2014-08-06 17:45 - 00027896 _____ () C:\Users\Drummond\Documents\cc_20140806_174520.reg 2014-08-06 17:02 - 2014-08-06 17:02 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\PowerISO 2014-08-06 16:51 - 2014-08-06 16:48 - 00001282 _____ () C:\Users\Public\Desktop\Horizon.lnk 2014-08-06 16:51 - 2014-08-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon 2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () 
C:\Users\Drummond\AppData\Local\Daring_Development_Inc 2014-08-06 16:48 - 2014-08-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Daring Development 2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Program Files (x86)\PicRec 2014-08-06 12:30 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Party Buffalo Drive Explorer 2014-08-06 12:30 - 2014-08-04 11:59 - 00000000 ____D () C:\Users\Drummond\AppData\Local\_ 2014-08-06 10:48 - 2012-12-28 02:26 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-05 22:04 - 2014-01-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-08-05 22:04 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-04 09:28 - 2013-01-15 00:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-04 09:28 - 2013-01-15 00:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-30 07:48 - 2014-04-19 20:59 - 00000188 _____ () C:\Users\Drummond\Desktop\films.txt 2014-07-24 18:56 - 2013-03-15 11:00 - 00011938 _____ () C:\Users\Drummond\Documents\web.xlsx 2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 10:55 - 2013-03-13 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-22 12:45 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-21 11:09 - 2012-12-28 17:06 - 00037154 _____ () C:\Users\Drummond\Documents\garden.xlsx 2014-07-18 09:44 - 2014-07-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 09:44 - 2014-07-18 09:43 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-18 09:44 - 2014-01-18 01:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-18 09:44 - 
2014-01-18 01:32 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-15 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-07-13 15:44 - 2014-07-03 23:46 - 00028160 _____ () C:\Users\Drummond\Desktop\car.xls 2014-07-12 10:47 - 2014-07-12 10:47 - 00001262 _____ () C:\Users\Drummond\Documents\cc_20140712_104734.reg 2014-07-11 17:19 - 2009-07-14 05:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-11 09:20 - 2009-07-14 08:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-11 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-11 09:08 - 2012-12-28 08:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-11 09:07 - 2013-07-11 08:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-11 09:06 - 2012-12-28 03:26 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-11 03:02 - 2014-07-18 09:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-18 09:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-18 09:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-18 09:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 00:14

==================== End Of Log ============================
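A way to triage the Services section of a log like the one above, as an added example that is not part of the original post and is not FRST's own logic. It parses FRST service lines and a ProxyServer line (sample lines copied from the logs in this thread) and applies an assumed heuristic: flag services whose file is unsigned and carries no publisher name, and proxy entries that point at a loopback address. All function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-11-20] (Bitdefender)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-14] (Gigabyte Technology CO., LTD.) [File not signed]
R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-07-24] () [File not signed]
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
"""

# Line shape: <state><start type> <name>; <path> [<size> <date>] (<company>) [File not signed]
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)(?P<unsigned> \[File not signed\])?\s*$"
)


@dataclass
class Service:
    state: str      # R = running, S = stopped, U = undetermined
    start: int      # start type digit, e.g. 2 = automatic
    name: str
    path: str
    company: str    # publisher from the file's version info, may be empty
    unsigned: bool  # True when the line ends with "[File not signed]"


def parse_services(log):
    """Return a Service for every line that has the full service-line shape."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], int(m["start"]), m["name"].strip(),
                                    m["path"], m["company"].strip(),
                                    m["unsigned"] is not None))
    return services


def unsigned_anonymous(services):
    """Assumed heuristic: unsigned file AND empty publisher field."""
    return [s for s in services if s.unsigned and not s.company]


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into {scheme: (host, port)}."""
    result = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:                      # bare "host:port" applies to all protocols
            scheme, target = "*", entry
        target = target.split("://", 1)[-1]
        host, sep, port = target.rpartition(":")
        if not sep:                      # no port given
            host, port = target, ""
        result[scheme.lower()] = (host.strip("[]"), int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def loopback_proxy_entries(log):
    """Proxy entries that send browser traffic to a process on this machine."""
    m = re.search(r"^ProxyServer:\s*(.+)$", log, re.MULTILINE)
    if not m:
        return {}
    return {k: v for k, v in parse_proxy_server(m.group(1)).items() if is_loopback(v[0])}


if __name__ == "__main__":
    for svc in unsigned_anonymous(parse_services(SAMPLE_LOG)):
        print(f"review service: {svc.name} -> {svc.path}")
    for scheme, (host, port) in loopback_proxy_entries(SAMPLE_LOG).items():
        print(f"loopback proxy: {scheme} -> {host}:{port}")
```

A hit from either check is a prompt for manual review, not a verdict; legitimate older software also ships unsigned files.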

#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 10 August 2014 - 07:45 AM

Hi,

 

please attach the logfiles... :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 11 August 2014 - 03:04 AM

here are the files
and here




#8 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 11 August 2014 - 03:06 AM

.

#9 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 11 August 2014 - 03:10 AM

Sorry, it won't add the FRST txt file now. I'm starting to doubt my patience with PCs anymore, think it's time for tablet only :( It's too many KB I think.




#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 11 August 2014 - 07:16 AM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   398bytes   6 downloads

After the reboot:

Step 2

Scan with Malwarebytes Antimalware
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 3

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 4

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 drummond99

drummond99
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:33 PM

Posted 12 August 2014 - 04:21 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Drummond at 2014-08-12 09:19:50 Run:1
Running from C:\Users\Drummond\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
R2 sogr; C:\Windows\Microsoft\sogr\WindowsUpdater.exe [18944 2014-07-24] () [File not signed]
C:\Windows\Microsoft\sogr\WindowsUpdater.exe
2014-08-08 20:05 - 2014-08-08 20:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Drummond\Downloads\SpyHunter-Installer.exe
EmptyTemp:
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
sogr => Service stopped successfully.
sogr => Service deleted successfully.
C:\Windows\Microsoft\sogr\WindowsUpdater.exe => Moved successfully.
C:\Users\Drummond\Downloads\SpyHunter-Installer.exe => Moved successfully.
EmptyTemp: => Removed 8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 12/08/2014 09:09:39, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Starting, 
Protection, 12/08/2014 09:09:39, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Started, 
Protection, 12/08/2014 09:09:39, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/08/2014 09:09:45, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Started, 
Protection, 12/08/2014 09:23:37, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Starting, 
Protection, 12/08/2014 09:23:37, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Started, 
Protection, 12/08/2014 09:23:37, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/08/2014 09:23:48, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Started, 
Update, 12/08/2014 09:27:34, SYSTEM, DRUMMOND-PC, Manual, Malware Database, 2014.8.11.3, 2014.8.12.3, 
Protection, 12/08/2014 09:27:36, SYSTEM, DRUMMOND-PC, Protection, Refresh, Starting, 
Protection, 12/08/2014 09:27:36, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 12/08/2014 09:27:36, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 12/08/2014 09:27:39, SYSTEM, DRUMMOND-PC, Protection, Refresh, Success, 
Protection, 12/08/2014 09:27:39, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/08/2014 09:27:39, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Started, 
Protection, 12/08/2014 10:14:00, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Starting, 
Protection, 12/08/2014 10:14:00, SYSTEM, DRUMMOND-PC, Protection, Malware Protection, Started, 
Protection, 12/08/2014 10:14:00, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Starting, 
Protection, 12/08/2014 10:14:01, SYSTEM, DRUMMOND-PC, Protection, Malicious Website Protection, Started, 
 
(end)
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/08/2014
Scan Time: 09:27:58
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.12.03
Rootkit Database: v2014.08.04.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Drummond
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301249
Time Elapsed: 5 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 4
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, Quarantined, [dbbd41813f3c3204bcc325b553af7789]
PUM.Bad.Proxy, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, Quarantined, [d1c75f6319629c9a1e613e9cd82a1de3]
PUM.Bad.Proxy, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, Quarantined, [9ff9bc064833d066a9d6d3076f93d12f]
PUM.Bad.Proxy, HKU\S-1-5-21-3395828480-1802922398-3001359867-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, Quarantined, [d1c7be04552667cf4e31f2e8837f4fb1]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by drummond99, 12 August 2014 - 09:53 AM.


#12 drummond99

Posted 12 August 2014 - 09:54 AM

still waiting for ESET to complete!

5 1/2 hours at the moment!!

lol

#13 drummond99

Posted 12 August 2014 - 10:14 AM

C:\AdwCleaner\Quarantine\C\Users\Drummond\AppData\Local\Temp\OCS\ocs_v71b.exe.vir a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\FRST\Quarantine\C\Windows\Microsoft\sogr\WindowsUpdater.exe.xBAD a variant of MSIL/Adware.Proxomoto.G application
C:\Program Files (x86)\PicRec\runtime\win32\PicRec\Installer.dll a variant of MSIL/Adware.Proxomoto.A application
C:\Program Files (x86)\PicRec\runtime\win32\PicRec\InstallerLibrary.dll a variant of MSIL/Adware.Proxomoto.A application
C:\Program Files (x86)\PicRec\runtime\win32\PicRec\WindowsUpdater.exe a variant of MSIL/Adware.Proxomoto.G application
C:\Program Files (x86)\PicRec\runtime\win32\PicRec\backup\InstallerLibrary.dll a variant of MSIL/Adware.Proxomoto.A application
C:\Users\Drummond\Documents\ashampoo_burning_studio_6_free_6.77_4280.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Drummond\Documents\My Received Files\USB Overclocking tools\usbmrs11.exe a variant of Win32/HackTool.Patcher.B potentially unsafe application
C:\Users\Drummond\Downloads\adwcleaner.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Windows\Microsoft\sogr\Installer.dll a variant of MSIL/Adware.Proxomoto.A application
C:\Windows\Microsoft\sogr\InstallerLibrary.dll a variant of MSIL/Adware.Proxomoto.A application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000001 Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000002 Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003 Win32/Adware.1ClickDownload.AJ application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000004 Win32/Adware.1ClickDownload.AJ application
D:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000005 Win32/Adware.1ClickDownload.AJ application
D:\Users\Drummond\Documents\ashampoo_burning_studio_6_free_6.77_4280.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Users\Drummond\Documents\My Received Files\USB Overclocking tools\usbmrs11.exe a variant of Win32/HackTool.Patcher.B potentially unsafe application
D:\Users\Drummond\Downloads\Browse_Movie_-_YTS (1).exe Win32/Adware.1ClickDownload.AJ application
D:\Users\Drummond\Downloads\Browse_Movie_-_YTS.exe Win32/Adware.1ClickDownload.AJ application
D:\Users\Drummond\Downloads\Helix_S01E12_HDTV_x264-KILLERS[ettv]_-_FREE_Torrent_Download_-_ExtraTorrent.exe Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\Downloads\Hells.Kitchen.US.S10E06.PDTV.x264-LOL.mp4_torrent_-_Other_torrents_-_TV_torrents_-_ExtraTorrent.cc_The_World's_Largest_BitTorrent_System_downloader.exe a variant of Win32/ExpressDownloader.I potentially unwanted application
D:\Users\Drummond\Downloads\Mr_Peabody_and_Sherman_2014_CAM_x264_AC3-Cutting_EDGE_-_FREE_Torrent_Download_-_ExtraTorrent (1).exe Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\Downloads\Mr_Peabody_and_Sherman_2014_CAM_x264_AC3-Cutting_EDGE_-_FREE_Torrent_Download_-_ExtraTorrent.exe Win32/AdWare.1ClickDownload.AJ application
D:\Users\Drummond\Downloads\WWE_Wrestlemania_XXX_DSR_XviD-XWT_-={SPARROW}=-_-_FREE_Torrent_Download_-_ExtraTorrent.exe Win32/Adware.1ClickDownload.AJ application
D:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
I:\SSD Backup\My Documents\ashampoo_burning_studio_6_free_6.77_4280.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
I:\SSD Backup\My Documents\My Received Files\USB Overclocking tools\usbmrs11.exe a variant of Win32/HackTool.Patcher.B potentially unsafe application
 


#14 drummond99

Posted 12 August 2014 - 10:15 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Drummond (administrator) on DRUMMOND-PC on 12-08-2014 16:14:54
Running from C:\Users\Drummond\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1571072 2013-11-20] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-31] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [GBTUpd] => C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe [297480 2008-04-03] (PreRun)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3395828480-1802922398-3001359867-1000\...\MountPoints2: {8d9cb889-ed24-11e2-acfd-50e54940ade2} - F:\LaunchU3.exe
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC245412C8EE4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {731DDC4D-2C24-46EA-896B-39387233622B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Drummond\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Drummond\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012-12-28]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.co.uk/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-28]
CHR Extension: (Google Search) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-28]
CHR Extension: (Logitech SetPoint) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-28]
CHR Extension: (Google Wallet) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-04-01]
CHR Extension: (Gmail) - C:\Users\Drummond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-12-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-11-20] (Bitdefender)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [419592 2011-06-05] (Future Systems Solutions, Inc.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-14] (Gigabyte Technology CO., LTD.) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-11-20] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-11] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-16] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-20] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-09-02] (C-Media Inc)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-28] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-03] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-03] (BitDefender S.R.L.)
R3 ALSysIO; \??\C:\Users\Drummond\AppData\Local\Temp\ALSysIO64.sys [X]
U4 bdselfpr; 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 10:16 - 2014-08-12 10:16 - 02347384 _____ (ESET) C:\Users\Drummond\Downloads\esetsmartinstaller_enu.exe
2014-08-12 10:16 - 2014-08-12 10:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-12 09:23 - 2014-08-12 10:13 - 00000112 _____ () C:\Windows\setupact.log
2014-08-12 09:23 - 2014-08-12 09:23 - 00001526 _____ () C:\Windows\PFRO.log
2014-08-12 09:23 - 2014-08-12 09:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 09:10 - 2014-08-11 09:10 - 00009068 _____ () C:\Users\Drummond\Desktop\FRST.zip
2014-08-10 12:45 - 2014-08-12 16:14 - 00018576 _____ () C:\Users\Drummond\Desktop\FRST.txt
2014-08-10 12:45 - 2014-08-10 12:46 - 00035397 _____ () C:\Users\Drummond\Desktop\Addition.txt
2014-08-08 21:47 - 2014-08-08 21:47 - 00189384 _____ () C:\Users\Public\Desktop\bdsyslog.zip
2014-08-08 21:44 - 2014-08-08 21:44 - 04773936 _____ (Bitdefender S.R.L) C:\Users\Drummond\Desktop\BDSysLog_i.exe
2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\Users\Drummond\Desktop\rkill
2014-08-08 21:25 - 2014-08-08 21:25 - 00000000 ___SD () C:\ComboFix
2014-08-08 21:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-08 21:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-08 21:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-08 21:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-08 21:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-08 21:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-08 21:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-08 21:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-08 21:16 - 2014-08-08 21:25 - 00000000 ____D () C:\Qoobox
2014-08-08 21:16 - 2014-08-08 21:16 - 00000000 ____D () C:\Windows\erdnt
2014-08-08 21:15 - 2014-08-08 21:15 - 05568206 ____R (Swearware) C:\Users\Drummond\Desktop\ComboFix.exe
2014-08-08 21:15 - 2014-08-08 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Drummond\Desktop\rkill.exe
2014-08-08 21:14 - 2014-08-08 21:14 - 00688992 _____ (Swearware) C:\Users\Drummond\Desktop\dds.com
2014-08-08 20:20 - 2014-08-12 16:14 - 00000000 ____D () C:\FRST
2014-08-08 20:12 - 2014-08-08 20:12 - 04872677 _____ () C:\Users\Drummond\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-08 20:10 - 2014-08-12 09:19 - 02099712 _____ (Farbar) C:\Users\Drummond\Desktop\FRST64.exe
2014-08-08 19:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-08 19:37 - 2014-08-08 20:23 - 00000000 ____D () C:\AdwCleaner
2014-08-08 19:37 - 2014-08-08 19:37 - 01366203 _____ () C:\Users\Drummond\Desktop\adwcleaner_3.304.exe
2014-08-08 19:36 - 2014-08-08 19:36 - 00961360 _____ (Chip Digital GmbH) C:\Users\Drummond\Downloads\adwcleaner.exe
2014-08-08 19:34 - 2014-08-08 19:34 - 01475072 _____ () C:\Users\Drummond\Downloads\adwcleaner_3.303.exe
2014-08-08 11:14 - 2014-08-08 11:14 - 00001126 _____ () C:\Users\Drummond\Documents\cc_20140808_111433.reg
2014-08-08 10:47 - 2014-08-08 10:47 - 00016638 _____ () C:\Users\Drummond\Downloads\How.To.Train.Your.Dragon.2.2014.CAM.XviD-FORZA.avi.torrent
2014-08-06 23:08 - 2014-08-12 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 23:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-06 23:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-06 23:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-06 23:06 - 2014-08-06 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 17:45 - 2014-08-06 17:45 - 00027896 _____ () C:\Users\Drummond\Documents\cc_20140806_174520.reg
2014-08-06 17:16 - 2014-08-06 17:54 - 00000000 ____D () C:\Users\Drummond\Desktop\minecraft xbox
2014-08-06 17:02 - 2014-08-06 17:02 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\PowerISO
2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\Users\Drummond\AppData\Local\Daring_Development_Inc
2014-08-06 16:48 - 2014-08-06 16:51 - 00001282 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-08-06 16:48 - 2014-08-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-08-06 16:48 - 2014-08-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Daring Development
2014-08-06 16:46 - 2014-08-06 23:18 - 00000000 ____D () C:\ProgramData\gNxeLQ
2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Program Files (x86)\PicRec
2014-08-06 12:30 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Party Buffalo Drive Explorer
2014-08-04 11:59 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Local\_
2014-07-18 09:44 - 2014-07-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 09:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 09:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 09:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 09:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 09:43 - 2014-07-18 09:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 16:15 - 2014-08-10 12:45 - 00018576 _____ () C:\Users\Drummond\Desktop\FRST.txt
2014-08-12 16:14 - 2014-08-08 20:20 - 00000000 ____D () C:\FRST
2014-08-12 16:13 - 2012-12-29 23:49 - 00000401 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-12 15:38 - 2012-12-28 08:33 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cde4cdb1927336.job
2014-08-12 15:32 - 2012-12-28 01:27 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:17 - 2014-08-06 23:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 15:14 - 2012-12-28 00:35 - 01398853 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 11:16 - 2012-12-28 17:06 - 00036860 _____ () C:\Users\Drummond\Documents\garden.xlsx
2014-08-12 10:20 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 10:20 - 2009-07-14 05:45 - 00014848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 10:18 - 2009-07-14 06:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 10:16 - 2014-08-12 10:16 - 02347384 _____ (ESET) C:\Users\Drummond\Downloads\esetsmartinstaller_enu.exe
2014-08-12 10:16 - 2014-08-12 10:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-12 10:14 - 2012-12-28 08:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cde4cdaf02e51d.job
2014-08-12 10:14 - 2012-12-28 01:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 10:14 - 2012-12-28 00:53 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-12 10:13 - 2014-08-12 09:23 - 00000112 _____ () C:\Windows\setupact.log
2014-08-12 10:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 09:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-12 09:23 - 2014-08-12 09:23 - 00001526 _____ () C:\Windows\PFRO.log
2014-08-12 09:23 - 2014-08-12 09:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-12 09:19 - 2014-08-08 20:10 - 02099712 _____ (Farbar) C:\Users\Drummond\Desktop\FRST64.exe
2014-08-11 09:10 - 2014-08-11 09:10 - 00009068 _____ () C:\Users\Drummond\Desktop\FRST.zip
2014-08-10 12:46 - 2014-08-10 12:45 - 00035397 _____ () C:\Users\Drummond\Desktop\Addition.txt
2014-08-09 11:43 - 2012-12-28 02:04 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Winamp
2014-08-08 21:47 - 2014-08-08 21:47 - 00189384 _____ () C:\Users\Public\Desktop\bdsyslog.zip
2014-08-08 21:44 - 2014-08-08 21:44 - 04773936 _____ (Bitdefender S.R.L) C:\Users\Drummond\Desktop\BDSysLog_i.exe
2014-08-08 21:26 - 2014-08-08 21:26 - 00000000 ____D () C:\Users\Drummond\Desktop\rkill
2014-08-08 21:25 - 2014-08-08 21:25 - 00000000 ___SD () C:\ComboFix
2014-08-08 21:25 - 2014-08-08 21:16 - 00000000 ____D () C:\Qoobox
2014-08-08 21:16 - 2014-08-08 21:16 - 00000000 ____D () C:\Windows\erdnt
2014-08-08 21:15 - 2014-08-08 21:15 - 05568206 ____R (Swearware) C:\Users\Drummond\Desktop\ComboFix.exe
2014-08-08 21:15 - 2014-08-08 21:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Drummond\Desktop\rkill.exe
2014-08-08 21:14 - 2014-08-08 21:14 - 00688992 _____ (Swearware) C:\Users\Drummond\Desktop\dds.com
2014-08-08 20:23 - 2014-08-08 19:37 - 00000000 ____D () C:\AdwCleaner
2014-08-08 20:12 - 2014-08-08 20:12 - 04872677 _____ () C:\Users\Drummond\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-08 19:37 - 2014-08-08 19:37 - 01366203 _____ () C:\Users\Drummond\Desktop\adwcleaner_3.304.exe
2014-08-08 19:36 - 2014-08-08 19:36 - 00961360 _____ (Chip Digital GmbH) C:\Users\Drummond\Downloads\adwcleaner.exe
2014-08-08 19:34 - 2014-08-08 19:34 - 01475072 _____ () C:\Users\Drummond\Downloads\adwcleaner_3.303.exe
2014-08-08 13:16 - 2012-12-28 02:22 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Azureus
2014-08-08 11:14 - 2014-08-08 11:14 - 00001126 _____ () C:\Users\Drummond\Documents\cc_20140808_111433.reg
2014-08-08 10:47 - 2014-08-08 10:47 - 00016638 _____ () C:\Users\Drummond\Downloads\How.To.Train.Your.Dragon.2.2014.CAM.XviD-FORZA.avi.torrent
2014-08-06 23:18 - 2014-08-06 16:46 - 00000000 ____D () C:\ProgramData\gNxeLQ
2014-08-06 23:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 23:07 - 2014-08-06 23:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 23:06 - 2014-08-06 23:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Drummond\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-06 17:54 - 2014-08-06 17:16 - 00000000 ____D () C:\Users\Drummond\Desktop\minecraft xbox
2014-08-06 17:50 - 2013-05-10 15:37 - 00084689 _____ () C:\Windows\SysWOW64\debug.log
2014-08-06 17:45 - 2014-08-06 17:45 - 00027896 _____ () C:\Users\Drummond\Documents\cc_20140806_174520.reg
2014-08-06 17:02 - 2014-08-06 17:02 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\PowerISO
2014-08-06 16:51 - 2014-08-06 16:48 - 00001282 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-08-06 16:51 - 2014-08-06 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\Users\Drummond\AppData\Local\Daring_Development_Inc
2014-08-06 16:48 - 2014-08-06 16:48 - 00000000 ____D () C:\Program Files (x86)\Daring Development
2014-08-06 16:46 - 2014-08-06 16:46 - 00000000 ____D () C:\Program Files (x86)\PicRec
2014-08-06 12:30 - 2014-08-06 12:30 - 00000000 ____D () C:\Users\Drummond\AppData\Roaming\Party Buffalo Drive Explorer
2014-08-06 12:30 - 2014-08-04 11:59 - 00000000 ____D () C:\Users\Drummond\AppData\Local\_
2014-08-06 10:48 - 2012-12-28 02:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-05 22:04 - 2014-01-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-05 22:04 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-04 09:28 - 2013-01-15 00:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-04 09:28 - 2013-01-15 00:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-30 07:48 - 2014-04-19 20:59 - 00000188 _____ () C:\Users\Drummond\Desktop\films.txt
2014-07-24 18:56 - 2013-03-15 11:00 - 00011938 _____ () C:\Users\Drummond\Documents\web.xlsx
2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 12:20 - 2013-03-13 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 10:55 - 2013-03-13 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 12:45 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-18 09:44 - 2014-07-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 09:44 - 2014-07-18 09:43 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 09:44 - 2014-01-18 01:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 09:44 - 2014-01-18 01:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-15 20:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 15:44 - 2014-07-03 23:46 - 00028160 _____ () C:\Users\Drummond\Desktop\car.xls
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:14
 
==================== End Of Log ============================


#15 deeprybka


Posted 14 August 2014 - 04:36 AM

Hi,
first of all, the logs look good. No more active malware or adware has been found.
The proxy-settings are not "dangerous" but they make the Internet Explorer more or less unusable.

Step 1

Please disable the proxy settings in Internet Explorer 11.
  • On the Internet Explorer window, click on Tools, then click on Internet Options.
  • On the Internet Options window, click the Connections tab, then click on the LAN settings button.
  • Make sure that the boxes are unchecked and click OK.


Step 2

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   58bytes   4 downloads


Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
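
A read-only way to confirm the result of Step 1 from the command line, added here as an example and not part of the original post or of FRST: it lists the WinINET proxy values under the `Internet Settings` key of every loaded user hive in HKEY_USERS, the location named in the opening post. It assumes PowerShell 3.0 or later and an elevated prompt; the `Review` column is a hypothetical flag introduced for this example.

```powershell
# Added example: audit per-user proxy values under HKEY_USERS. Reports only, changes nothing.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names  = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# HKEY_USERS has no default PowerShell drive, so address it through the provider path.
$report = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$subKey"
        if (-not (Test-Path -LiteralPath $path)) { return }

        $values = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $values) { return }

        $row = [ordered]@{ SID = $sid }
        foreach ($n in $names) {
            # A value that does not exist in this hive is reported as empty.
            $prop = $values.PSObject.Properties[$n]
            $row[$n] = if ($prop) { $prop.Value } else { $null }
        }

        # Review (hypothetical flag): a proxy is switched on, or a proxy/PAC value is still present.
        $row['Review'] = ($row['ProxyEnable'] -eq 1) -or
                         [bool]$row['ProxyServer'] -or
                         [bool]$row['AutoConfigURL']
        [pscustomobject]$row
    }

$report | Format-Table -AutoSize
```

Running it again after a restart shows whether the values have come back, which is the symptom described in the first post.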
 



