Proxy Server Hijacking (PDF Lite Adware)
10 replies to this topic

#1 frrtbkr
Posted 28 August 2014 - 08:02 AM

Hello.
 
Recently I mistakenly installed a program called PDFlite (htxxtp://www.pdflite.com/) which I quickly realized packaged along with it a bunch of unwanted cruft. I've run Microsoft Security Essentials, Malwarebytes Anti-Malware and Spybot S&D, but there's still some issue with my browser settings (Chrome/IE) switching the proxy server to an ad-injecting one on port :5050.
 
Any help in figuring out what's left would be greatly appreciated!
 
Here's the log output from DDS:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.65.2
Run by Jared at 8:49:26 on 2014-08-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3380 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\windows\system32\HPSIsvc.exe
C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Users\Jared\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Users\Jared\AppData\Local\FluxSoftware\Flux\flux.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Belvedere\Belvedere.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\iTunnel 7.1\itunnel_mux.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\Notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uProxyServer = 127.0.0.1:5050
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: PETN: {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} - C:\Program Files (x86)\PETN\petn.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Spotify Web Helper] "C:\Users\Jared\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Jared\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [F.lux] "C:\Users\Jared\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Akamai NetSession Interface] "C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe"
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Jared\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jared\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Jared\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ITUNNE~1.LNK - C:\Program Files (x86)\iTunnel 7.1\iTunnel 7.1.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BELVED~1.LNK - C:\Program Files (x86)\Belvedere\Belvedere.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYSOFT~1.LNK - C:\Program Files (x86)\Common Files\MySoftware\newsflsh.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {9AA03FEC-6582-48B1-BC62-821D4A7B9461} - hxxp://192.168.1.104:85/N9DvrOcx.cab?V1111
DPF: {AAB58191-AFBE-4366-93FD-1E45F7C97FA0} - hxxp://pdm.suffolkconstruction.com/PDMSubTheme/FileDownload/FileDownloader2.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0F96E2C0-FA00-4AFB-9E5D-2AB671AEB1B5} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1} : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\2456C6B696E6D24496675627379666965646 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\2456C6B696E6D24496675627379666965646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\25F63756D6162797D20534D275962756C6563737 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\25F63756D6162797D20534D275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\2656C6B696E6E2936603 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\2656C6B696E6E2936603 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\645756C6 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\645756C6 : DHCPNameServer = 172.25.0.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\C41634965602645756C60273836343 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\C41634965602645756C60273836343 : DHCPNameServer = 172.25.0.1
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\D4163626F6F6B6020527F6 : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}\D4163626F6F6B6020527F6 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: PETN: {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} - C:\Program Files (x86)\PETN\petn64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TpShocks] C:\windows\System32\TpShocks.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [DpTsClnt] Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-4-18 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-4-18 39008]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 TPDIGIMN;TPDIGIMN;C:\windows\System32\drivers\ApsHM64.sys [2012-4-18 23648]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-4-18 13408]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2012-4-18 55880]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2012-4-18 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2012-4-18 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2012-4-18 62584]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-11-12 23552]
R2 Diagnostics;Diagnostics;C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-8-21 56832]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2014-6-13 126880]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe [2013-11-4 376152]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 Proxy;Proxy;C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-8-21 56832]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-19 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-19 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-19 168384]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-18 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-12-24 31088]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2011-9-15 36656]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-15 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 PSI;PSI;C:\windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-4-18 307304]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\usbvideo.sys [2013-10-9 185344]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 CH341SER_A64;CH341SER_A64;C:\windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-5 19456]
S3 rzdaendpt;Razer DeathAdder end point;C:\windows\System32\drivers\rzdaendpt.sys [2012-10-9 25600]
S3 rzudd;Razer Mouse Driver;C:\windows\System32\drivers\rzudd.sys [2012-9-18 112640]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\windows\System32\drivers\rzvkeyboard.sys [2012-10-9 23040]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-2-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-24 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-28 12:47:17 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-28 12:30:12 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECCE9419-AA6C-4E50-99BD-5231A7E00B07}\offreg.dll
2014-08-28 12:28:40 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECCE9419-AA6C-4E50-99BD-5231A7E00B07}\mpengine.dll
2014-08-27 23:56:43 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-27 23:56:43 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-08-27 23:56:43 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-27 19:25:13 388096 ----a-r- C:\Users\Jared\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-08-27 19:22:36 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-27 16:31:04 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-08-27 16:22:45 79952 ----a-w- C:\windows\cc_20140827_122242.reg
2014-08-27 15:29:15 -------- d-----w- C:\$RECYCLE.BIN
2014-08-27 15:16:56 98816 ----a-w- C:\windows\sed.exe
2014-08-27 15:16:56 256000 ----a-w- C:\windows\PEV.exe
2014-08-27 15:16:56 208896 ----a-w- C:\windows\MBR.exe
2014-08-27 15:15:43 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-27 15:15:32 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-27 15:15:32 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-27 15:15:32 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-27 15:15:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-27 15:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 15:08:20 -------- d-----w- C:\windows\ERUNT
2014-08-27 14:26:11 -------- d-----w- C:\AdwCleaner
2014-08-27 14:19:54 -------- d-----w- C:\windows\pss
2014-08-26 20:05:46 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-26 19:10:14 -------- d-----w- C:\ProgramData\wIFcbAX
2014-08-26 19:08:00 -------- d-----w- C:\Program Files (x86)\Common Files\Diagnostics
2014-08-26 19:07:15 -------- d-----w- C:\Users\Jared\AppData\Local\PETN
2014-08-26 19:07:15 -------- d-----w- C:\Program Files (x86)\PETN
2014-08-26 19:07:14 -------- d-----w- C:\Program Files (x86)\Common Files\Common dictionary
2014-08-22 13:48:27 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-22 13:48:15 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-08-22 13:48:15 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-22 13:47:54 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-22 13:47:54 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-22 13:47:53 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-22 13:47:53 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-21 14:08:12 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{916CFD00-FDFB-4564-9665-131883253458}\gapaengine.dll
2014-08-15 07:01:27 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-15 07:01:27 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-15 07:01:27 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-15 07:01:26 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-15 07:01:25 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-15 07:01:25 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-15 07:01:07 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:01:07 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-15 02:15:09 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-08-15 02:15:09 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-08-15 02:15:09 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-08-15 02:15:09 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-08-15 02:05:07 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-15 02:05:07 2048 ----a-w- C:\windows\System32\tzres.dll
2014-08-15 02:05:04 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-15 02:05:04 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-15 02:05:04 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-15 02:05:04 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-15 02:05:04 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-15 02:05:03 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-15 02:05:03 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-15 02:04:59 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-15 02:04:52 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-15 02:04:51 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-14 13:28:23 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-14 13:28:23 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-12 13:14:34 -------- d-----w- C:\Program Files\iPod
2014-08-12 13:14:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 13:14:33 -------- d-----w- C:\Program Files\iTunes
2014-08-12 13:14:33 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-03 09:53:47 188304 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-08-28 12:19:17 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat
2014-07-24 12:10:54 2240000 ----a-w- C:\windows\System32\wininet.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2014-07-22 19:14:46 137376 ----a-w- C:\windows\System32\vcomp120.dll
2014-07-22 12:55:40 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-06-24 17:19:36 829264 ----a-w- C:\windows\System32\msvcr100.dll
2014-06-24 17:19:36 608080 ----a-w- C:\windows\System32\msvcp100.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-16 19:22:51 595 ----a-w- C:\Users\Jared\tsMS.reg
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH:  8:49:51.35 ===============

Edited by nasdaq, 01 September 2014 - 07:35 AM.
bad link obfuscated



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:20 PM

Posted 01 September 2014 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Did you install the PDFlite program on 2014-8-21?
This is suspicious:
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-8-21 56832]
===

--RogueKiller--
  • Download & SAVE to your Desktop: for a 32-bit system or for a 64-bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
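
The DDS log in the first post ties three things together: the hijacked WinINet setting itself (uProxyServer = 127.0.0.1:5050, which Internet Explorer and Chrome both honour, since Chrome uses the system proxy settings by default), the two services "Diagnostics" and "Proxy" that both run C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe dated 2014-8-21, and whatever is listening on that port. A proxy setting that comes back after MSE, Malwarebytes and Spybot have reset it is usually being re-applied by something still running, so it helps to look at all three at once. The PowerShell audit below is an added example written for this page; it is not part of the thread and is not output of RogueKiller, AdwCleaner or FRST. It assumes PowerShell 3 or later run from an elevated prompt; the directory and port are taken from the log above, and the function names (Get-ProxyFindings, Get-SuspectServices, Get-ProxyListener, Reset-HijackedProxy) are this example's own.

```powershell
# Added example for this thread, not output of RogueKiller/AdwCleaner/FRST.
# Audits what the DDS log tied together: WinINet proxy settings in every loaded
# user hive, services whose binary lives in the suspect directory, and the
# process listening on the proxy port. Run elevated, PowerShell 3 or later.

$SuspectDir = 'C:\Program Files (x86)\Common Files\Diagnostics'   # from the DDS log
$ProxyPort  = 5050                                                 # from uProxyServer

# --- 1. Proxy settings per user hive -------------------------------------------
# RogueKiller's log shows ProxyEnable=1 under .DEFAULT, S-1-5-19, S-1-5-20 and the
# user SIDs, so checking HKCU alone is not enough; walk HKEY_USERS instead.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-ProxyFindings {
    foreach ($hive in Get-ChildItem -Path HKU:\) {
        $key = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $key)) { continue }
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # Flag an enabled proxy that points at the loopback address. A PAC URL in
        # AutoConfigURL is the other common way adware redirects browser traffic,
        # so it is reported as well.
        $loopback = [bool]($p.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost):')
        [pscustomobject]@{
            Hive        = $hive.PSChildName
            ProxyEnable = $p.ProxyEnable
            ProxyServer = $p.ProxyServer
            AutoConfig  = $p.AutoConfigURL
            Suspicious  = ($p.ProxyEnable -eq 1 -and $loopback)
        }
    }
}

# --- 2. Services that run out of the suspect directory ---------------------------
function Get-SuspectServices {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like "*$SuspectDir*" } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

# --- 3. Who owns the listener on the proxy port ----------------------------------
# Get-NetTCPConnection needs Windows 8 or later, so parse netstat, which
# Windows 7 has. Each match is mapped to the owning process image.
function Get-ProxyListener {
    netstat -ano | Select-String -Pattern ":$ProxyPort\s+\S+\s+LISTENING\s+(\d+)\s*$" |
        ForEach-Object {
            $procId = [int]$_.Matches[0].Groups[1].Value
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            [pscustomobject]@{ Line = $_.Line.Trim(); PID = $procId; Image = $proc.Path }
        }
}

# --- 4. Remediation, kept separate and opt-in -------------------------------------
# Resetting the registry while the service still runs just gets undone, which
# matches what the poster saw after the scanners ran. Stop and delete the
# services first (or let the removal tools do it), then reset the flagged hives.
function Reset-HijackedProxy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)] $Findings)
    foreach ($f in $Findings | Where-Object { $_.Suspicious }) {
        $key = "HKU:\$($f.Hive)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if ($PSCmdlet.ShouldProcess("$($f.Hive) Internet Settings", 'Disable proxy')) {
            Set-ItemProperty    -Path $key -Name ProxyEnable -Value 0 -Type DWord
            Remove-ItemProperty -Path $key -Name ProxyServer -ErrorAction SilentlyContinue
        }
    }
}

$findings = Get-ProxyFindings
$findings           | Format-Table -AutoSize
Get-SuspectServices | Format-List
Get-ProxyListener   | Format-Table -AutoSize
# Reset-HijackedProxy -Findings $findings -WhatIf   # drop -WhatIf to apply
```

On the machine in this thread the expected picture is a Suspicious=True row for the logged-on user's SID, the "Diagnostics" and "Proxy" services both pointing at service.exe under the Diagnostics directory, and the PID on 127.0.0.1:5050 resolving to node.exe from the same tree. Two caveats: HKEY_USERS only contains hives that are currently loaded, so profiles that are not logged on (the -501 Guest hive in the RogueKiller log, for example) need `reg load` before they show up; and Firefox keeps its own proxy settings, so it is not covered by this check.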

#3 frrtbkr

frrtbkr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 02 September 2014 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Did you install the PDFlite program on 2014-8-21?
This is suspicious:
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [2014-8-21 56832]
===

How is the computer running?
Wait for further instructions.

It was most likely on 8/21. It will not connect to any local service that requires a port other than the default :80; otherwise it's been running well enough to be usable.

 

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jared [Admin rights]
Mode : Remove -- Date : 09/02/2014  09:14:42
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 50 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm -> DELETED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-PUBLIC_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-PUBLIC_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> REPLACED (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-PUBLIC_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> DELETED
[PUM.Proxy] (X86) HKEY_USERS\S-PUBLIC_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-133784331-4179198323-593139465-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\PETN Update -- C:\Users\Jared\AppData\Local\PETN\petnupdate.exe (CID=trbucket01 NAME="PETN" AUTOGUID={DA9CF11D-76E2-4CB6-B958-7EC56CF0C623}) -> DELETED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\Shockprf @ Unknown (\SystemRoot\System32\drivers\rdyboost.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-24HXZT3 +++++
--- User ---
[MBR] 390b743879dbf0da7f62c6ae06a7fa9f
[BSP] 26289ecb5d89e1b742460da8945f4574 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_09022014_090951.log

# AdwCleaner v3.308 - Report created 02/09/2014 at 09:42:22
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jared - LENOVO-LAPTOP
# Running from : C:\Users\Jared\Desktop\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17054
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3438 octets] - [27/08/2014 10:26:13]
AdwCleaner[R1].txt - [1394 octets] - [27/08/2014 12:30:24]
AdwCleaner[R2].txt - [1135 octets] - [29/08/2014 11:03:09]
AdwCleaner[R3].txt - [1259 octets] - [02/09/2014 09:18:23]
AdwCleaner[R4].txt - [1380 octets] - [02/09/2014 09:41:12]
AdwCleaner[S0].txt - [3401 octets] - [27/08/2014 10:28:03]
AdwCleaner[S1].txt - [1461 octets] - [27/08/2014 12:42:03]
AdwCleaner[S2].txt - [1197 octets] - [29/08/2014 11:04:35]
AdwCleaner[S3].txt - [1321 octets] - [02/09/2014 09:19:23]
AdwCleaner[S4].txt - [1301 octets] - [02/09/2014 09:42:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1361 octets] ##########
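The RogueKiller log above shows ProxyEnable = 1 and ProxyServer = 127.0.0.1:5050 set in every loaded user hive, and the FRST log in the next post, taken after that clean, still reports ProxyServer: 127.0.0.1:5050, which is the signature of a running process re-applying the value. As an added example (not from the thread or any of the tools in it), this PowerShell audit walks the same Internet Settings keys under HKEY_USERS, flags loopback proxies, optionally resets them, and re-checks after a delay; the function names and the AutoConfigURL (PAC) check are assumptions of this example, not something the logs show.

```powershell
# Added example, not from the thread or any tool in it. Audits every loaded
# profile hive under HKEY_USERS for the WinINET proxy values that RogueKiller
# reported as PUM.Proxy (ProxyEnable / ProxyServer) and, going one step beyond
# the logs, the AutoConfigURL (PAC) value. Run from an elevated prompt.
function Get-ForcedProxy {
    [CmdletBinding()]
    param(
        # Proxy strings to flag outright; the value from the thread's logs is the default.
        [string[]]$SuspectProxy = @('127.0.0.1:5050'),
        # Reset flagged hives: ProxyEnable -> 0, ProxyServer and AutoConfigURL removed.
        [switch]$Fix
    )

    $subPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # HKEY_USERS has one subkey per loaded hive: .DEFAULT, S-1-5-18 (SYSTEM),
    # S-1-5-19/20 (service accounts) and S-1-5-21-... (real users). The *_Classes
    # keys hold COM registration data and carry no proxy settings. Hives of
    # logged-off users are not loaded and therefore are not covered here.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $hive = $_.PSChildName
            $key  = "Registry::HKEY_USERS\$hive\$subPath"
            if (-not (Test-Path -Path $key)) { return }

            $p       = Get-ItemProperty -Path $key
            $enabled = [int]$p.ProxyEnable       # missing value casts to 0
            $server  = [string]$p.ProxyServer    # missing value casts to ''
            $pac     = [string]$p.AutoConfigURL

            # A proxy on the loopback interface means a local process sits between
            # the browser and the network. Outside deliberately installed debugging
            # or filtering software, that is exactly the pattern in this thread.
            # ProxyServer may also be per-scheme ("http=127.0.0.1:5050;https=..."),
            # hence the "(^|=)" anchor.
            $suspicious = ($SuspectProxy -contains $server) -or
                          ($enabled -eq 1 -and $server -match '(^|=)(127\.|localhost)') -or
                          ($pac -match '^https?://(127\.|localhost)')

            if ($suspicious -and $Fix) {
                Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
                foreach ($name in 'ProxyServer', 'AutoConfigURL') {
                    Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                }
            }

            [PSCustomObject]@{
                Hive          = $hive
                ProxyEnable   = $enabled
                ProxyServer   = $server
                AutoConfigURL = $pac
                Suspicious    = $suspicious
                Fixed         = [bool]($suspicious -and $Fix)
            }
        }
}

# Reset the flagged hives, wait, and audit again. Any hive that comes back
# flagged is being re-populated by a running process, so that process has to
# be identified and stopped before the registry fix will hold.
function Test-ProxyRecurrence {
    param([int]$Seconds = 60)
    $null = Get-ForcedProxy -Fix
    Start-Sleep -Seconds $Seconds
    Get-ForcedProxy | Where-Object { $_.Suspicious }
}

# Report first; only run Test-ProxyRecurrence once the report has been reviewed.
Get-ForcedProxy | Format-Table -AutoSize
```

An empty result from Test-ProxyRecurrence means the fix held; a non-empty one, like the FRST log in the next post, points at a persistence mechanism still running rather than at a failed registry write.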


#4 frrtbkr

Posted 02 September 2014 - 09:07 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Jared (administrator) on LENOVO-LAPTOP on 02-09-2014 09:56:32
Running from C:\Users\Jared\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Spotify Ltd) C:\Users\Jared\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Flux Software LLC) C:\Users\Jared\AppData\Local\FluxSoftware\Flux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Lifehacker) C:\Program Files (x86)\Belvedere\Belvedere.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\iTunnel 7.1\itunnel_mux.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-18] (Lenovo)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-18] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [Spotify Web Helper] => C:\Users\Jared\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-21] (Spotify Ltd)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [Spotify] => C:\Users\Jared\AppData\Roaming\Spotify\spotify.exe [6621752 2014-08-21] (Spotify Ltd)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [F.lux] => C:\Users\Jared\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jared\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-133784331-4179198323-593139465-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk
ShortcutTarget: Belvedere.lnk -> C:\Program Files (x86)\Belvedere\Belvedere.exe (Lifehacker)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
ShortcutTarget: MySoftware NewsFlash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\newsflsh.exe (MySoftware, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunnel 7.1.vbs - Shortcut.lnk
ShortcutTarget: iTunnel 7.1.vbs - Shortcut.lnk -> C:\Program Files (x86)\iTunnel 7.1\iTunnel 7.1.vbs ()
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn64.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {9AA03FEC-6582-48B1-BC62-821D4A7B9461} http://192.168.1.104:85/N9DvrOcx.cab?V1111
DPF: HKLM-x32 {AAB58191-AFBE-4366-93FD-1E45F7C97FA0} http://pdm.suffolkconstruction.com/PDMSubTheme/FileDownload/FileDownloader2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A9D7DC07-02B5-4AF1-9B9D-C96D928B23B1}: [NameServer] 4.2.2.1,4.2.2.2
 
FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-06-13]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3331221&octid=EB_ORIGINAL_CTID&ISID=MB5C9B464-C39E-406F-B0C1-645CAA82CE8B&SearchSource=55&CUI=&UM=6&UP=SP99639A43-5215-448E-B5DA-068E1E5FE2A0&SSPV=
CHR StartupUrls: Profile 1 -> "https://mail.google.com/mail/u/0/#inbox", "hxxp://127.0.0.1:333/"
CHR DefaultSearchURL: Profile 1 -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tynt Blocker) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\achmnghbfplhfomhiohmojicomlgmkam [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-05-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Adblock Plus) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-05-25]
CHR Extension: (HTTPS Everywhere) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-20]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-01-18]
CHR Extension: (IE Tab) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-07-17]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-06-20]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-01-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2012-06-26]
CHR Extension: (Simplenote) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjoocpipbbafoimjgbkmfnjcjejdbjo [2012-07-09]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (SABconnect++) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2013-06-20]
CHR Extension: (LogMeIn) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-08-08]
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
CHR Extension: (Google Search) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2013-03-12]
CHR Extension: (Pinboard Tools) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpaohcncbmkojcpcjaojcehdlnjfbjkl [2013-10-29]
CHR Extension: (AdBlock) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-12]
CHR Extension: (IE Tab) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2013-04-18]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-16]
CHR Extension: (Pinboard Bookmark Bar Sync 1.1) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilbhogiegeofdbmkbbbanjdggcoonbpd [2013-10-29]
CHR Extension: (FireVortex) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kefonnffnoibcjonifddiapilmkobfop [2014-03-07]
CHR Extension: (Boomerang for Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (NotScripts) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-02-18]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-25]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-25]
CHR Extension: (Google Search) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-04]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google Search) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (YouTube) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Rescue Technician Console\LogMeInRescueTechnicianConsole_x64\LMIGuardianSvc.exe [376152 2013-11-04] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-09] (Razer USA Ltd) [File not signed]
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [112640 2012-09-18] (Razer USA Ltd) [File not signed]
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-09] (Razer USA Ltd) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
U4 vsserv; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 09:56 - 2014-09-02 09:56 - 00000000 ____D () C:\FRST
2014-09-02 09:55 - 2014-09-02 09:56 - 00000000 ____D () C:\Users\Jared\Desktop\New folder
2014-09-02 09:48 - 2014-09-02 09:48 - 00001441 _____ () C:\Users\Jared\Desktop\AdwCleaner[S4].txt
2014-09-02 09:28 - 2014-09-02 09:28 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 09:17 - 2014-09-02 09:17 - 01364531 _____ () C:\Users\Jared\Desktop\adwcleaner_3.308.exe
2014-09-02 09:17 - 2014-09-02 09:17 - 00009977 _____ () C:\Users\Jared\Desktop\RKreport_DEL_09022014_091442.log
2014-09-02 09:04 - 2014-09-02 09:04 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-02 09:04 - 2014-09-02 09:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-02 09:03 - 2014-09-02 09:03 - 05427288 _____ () C:\Users\Jared\Desktop\RogueKillerX64.exe
2014-08-29 13:21 - 2014-09-02 08:59 - 00007168 _____ () C:\Users\Jared\Downloads\sales.xls
2014-08-29 13:06 - 2014-08-29 13:07 - 05185536 _____ (AVAST Software) C:\Users\Jared\Downloads\aswmbr.exe
2014-08-29 13:01 - 2014-08-29 13:01 - 00030610 _____ () C:\ComboFix.txt
2014-08-29 12:52 - 2014-08-29 13:01 - 00000000 ____D () C:\ComboFix
2014-08-29 12:36 - 2014-08-29 12:36 - 05576760 ____R (Swearware) C:\Users\Jared\Downloads\ComboFix.exe
2014-08-29 11:33 - 2014-09-02 08:59 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0c0e8202-f70c-4023-b8eb-aaf9c8303e74.job
2014-08-29 11:33 - 2014-09-02 08:59 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 00720561-b5b6-448f-9fca-3fc4b43f4451.job
2014-08-29 11:33 - 2014-08-29 11:33 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 00720561-b5b6-448f-9fca-3fc4b43f4451
2014-08-29 11:33 - 2014-08-29 11:33 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0c0e8202-f70c-4023-b8eb-aaf9c8303e74
2014-08-29 11:33 - 2014-08-29 11:33 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\SUPERAntiSpyware.com
2014-08-29 11:32 - 2014-09-02 09:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-29 11:32 - 2014-08-29 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-29 11:32 - 2014-08-29 11:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-29 11:27 - 2014-08-29 12:15 - 16543855 _____ () C:\Users\Jared\Downloads\6gq5v4wn.exe
2014-08-29 11:26 - 2014-08-29 11:32 - 19056640 _____ (SUPERAntiSpyware) C:\Users\Jared\Downloads\SUPERAntiSpyware.exe
2014-08-29 11:21 - 2014-08-29 11:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-29 11:21 - 2014-08-29 11:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-29 11:21 - 2014-08-29 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-29 11:20 - 2014-08-29 11:22 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jared\Downloads\tdsskiller.exe
2014-08-29 11:17 - 2014-08-29 11:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Jared\Downloads\mseinstall.exe
2014-08-29 11:11 - 2014-08-29 11:14 - 00085883 _____ () C:\ProgramData\1409324942.7960.bin
2014-08-29 11:09 - 2014-08-29 11:14 - 00051457 _____ () C:\ProgramData\1409324942.4980.bin
2014-08-29 11:09 - 2014-08-29 11:14 - 00003576 _____ () C:\ProgramData\1409324942.4188.bin
2014-08-29 11:09 - 2014-08-29 11:11 - 00117786 _____ () C:\ProgramData\1409324942.5728.bin
2014-08-29 11:09 - 2014-08-29 11:11 - 00003189 _____ () C:\ProgramData\1409324942.952.bin
2014-08-29 11:09 - 2014-08-29 11:11 - 00000991 _____ () C:\ProgramData\1409324942.5924.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00018029 _____ () C:\ProgramData\1409324942.5568.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00009193 _____ () C:\ProgramData\1409324942.5268.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00002726 _____ () C:\ProgramData\1409324942.3560.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00000739 _____ () C:\ProgramData\1409324942.4560.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00000739 _____ () C:\ProgramData\1409324942.3996.bin
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\QuickScan
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUISkin32.dll
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUISkin.dll
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUH.dll
2014-08-29 10:39 - 2014-09-02 09:43 - 00000280 _____ () C:\windows\setupact.log
2014-08-29 10:37 - 2014-08-29 11:14 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-29 10:33 - 2014-08-29 10:34 - 06770064 _____ () C:\Users\Jared\Downloads\bitdefender_antivirus.exe
2014-08-28 08:48 - 2014-08-28 08:49 - 00688992 ____R (Swearware) C:\Users\Jared\Downloads\dds.com
2014-08-28 08:28 - 2014-09-02 09:28 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-27 19:56 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 19:56 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 19:56 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 15:25 - 2014-08-27 15:25 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-27 15:23 - 2014-08-27 15:23 - 01402880 _____ () C:\Users\Jared\Downloads\HiJackThis.msi
2014-08-27 15:22 - 2014-08-27 15:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 15:21 - 2014-08-27 15:22 - 02347384 _____ (ESET) C:\Users\Jared\Downloads\esetsmartinstaller_enu.exe
2014-08-27 15:20 - 2014-08-27 15:21 - 00000958 _____ () C:\Users\Jared\Downloads\SystemLook.txt
2014-08-27 15:19 - 2014-08-27 15:19 - 00165376 _____ () C:\Users\Jared\Downloads\SystemLook_x64.exe
2014-08-27 12:52 - 2014-09-02 09:28 - 00021480 _____ () C:\windows\SecuniaPackage.log
2014-08-27 12:44 - 2014-08-27 12:44 - 00000000 _____ () C:\windows\setuperr.log
2014-08-27 12:42 - 2014-09-02 09:43 - 00008468 _____ () C:\windows\PFRO.log
2014-08-27 12:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-27 12:29 - 2014-08-27 12:29 - 01364531 _____ () C:\Users\Jared\Downloads\AdwCleaner.exe
2014-08-27 12:28 - 2014-08-27 12:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe
2014-08-27 12:26 - 2014-08-27 12:26 - 00022607 _____ () C:\Users\Jared\Downloads\Result.txt
2014-08-27 12:25 - 2014-08-27 12:25 - 00401920 _____ (Farbar) C:\Users\Jared\Downloads\MiniToolBox.exe
2014-08-27 12:22 - 2014-08-27 12:22 - 00079952 _____ () C:\windows\cc_20140827_122242.reg
2014-08-27 11:16 - 2014-08-29 13:01 - 00000000 ____D () C:\Qoobox
2014-08-27 11:16 - 2014-08-27 11:33 - 00000000 ____D () C:\windows\erdnt
2014-08-27 11:16 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-27 11:16 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-27 11:16 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-27 11:16 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-27 11:16 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-27 11:16 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-27 11:16 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-27 11:16 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-27 11:15 - 2014-08-27 12:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:15 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-27 11:15 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-27 11:15 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-27 11:08 - 2014-08-27 11:08 - 00000000 ____D () C:\windows\ERUNT
2014-08-27 10:26 - 2014-09-02 09:42 - 00000000 ____D () C:\AdwCleaner
2014-08-27 10:19 - 2014-08-27 11:50 - 00000000 ____D () C:\windows\pss
2014-08-26 15:30 - 2014-08-26 15:49 - 00020869 _____ () C:\windows\wininit.ini
2014-08-26 15:10 - 2014-08-27 11:50 - 00000000 ____D () C:\ProgramData\wIFcbAX
2014-08-26 15:08 - 2014-08-26 15:08 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-08-26 15:07 - 2014-08-26 15:07 - 00000000 ____D () C:\Users\Jared\AppData\Local\PETN
2014-08-26 15:07 - 2014-08-26 15:07 - 00000000 ____D () C:\Program Files (x86)\PETN
2014-08-22 09:48 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 09:48 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 09:48 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 09:48 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 09:48 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 09:48 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 09:48 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 09:48 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 09:48 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 09:48 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 09:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 09:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 09:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 09:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-15 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-15 03:01 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:01 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-15 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 22:20 - 2014-07-24 08:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 22:20 - 2014-07-24 08:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 22:20 - 2014-07-24 08:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 22:20 - 2014-07-24 08:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 22:20 - 2014-07-24 08:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 22:20 - 2014-07-24 06:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 22:20 - 2014-07-24 06:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 22:20 - 2014-07-24 06:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 22:20 - 2014-07-24 06:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 22:20 - 2014-07-24 06:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 22:20 - 2014-07-24 06:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 22:20 - 2014-07-24 05:37 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-08-14 22:20 - 2014-07-24 05:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-14 22:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 22:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 22:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 22:15 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 22:15 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 22:15 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 22:15 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 22:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 22:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 22:15 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 22:15 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 22:15 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 22:05 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 22:05 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 22:05 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 22:05 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 22:05 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 22:05 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 22:05 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 22:05 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 22:05 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 22:04 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 22:04 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-14 22:04 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 22:04 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 22:04 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 09:28 - 2014-09-02 08:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 09:28 - 2014-08-14 09:28 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 09:28 - 2014-08-14 09:28 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 09:28 - 2014-08-14 09:28 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-12 09:14 - 2014-08-12 09:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 09:14 - 2014-08-12 09:15 - 00000000 ____D () C:\Program Files\iTunes
2014-08-12 09:14 - 2014-08-12 09:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-12 09:14 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 09:24 - 2014-08-07 09:24 - 00000959 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 09:56 - 2014-09-02 09:56 - 00000000 ____D () C:\FRST
2014-09-02 09:56 - 2014-09-02 09:55 - 00000000 ____D () C:\Users\Jared\Desktop\New folder
2014-09-02 09:55 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:55 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 09:51 - 2012-04-18 06:06 - 01724243 _____ () C:\windows\WindowsUpdate.log
2014-09-02 09:51 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-02 09:49 - 2012-10-24 17:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 09:48 - 2014-09-02 09:48 - 00001441 _____ () C:\Users\Jared\Desktop\AdwCleaner[S4].txt
2014-09-02 09:48 - 2013-11-22 10:49 - 00000029 _____ () C:\windows\SysWOW64\TempWmicBatchFile.bat
2014-09-02 09:48 - 2013-01-16 16:38 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Spotify
2014-09-02 09:47 - 2012-06-26 13:31 - 00000000 ___RD () C:\Users\Jared\Documents\Dropbox
2014-09-02 09:47 - 2012-06-26 13:22 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Dropbox
2014-09-02 09:46 - 2014-08-29 11:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-02 09:45 - 2012-04-18 07:01 - 00181235 _____ () C:\windows\system32\fastboot.set
2014-09-02 09:45 - 2012-04-18 06:57 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 09:45 - 2012-04-18 06:46 - 01070010 _____ () C:\FaceProv.log
2014-09-02 09:45 - 2012-04-18 06:46 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-02 09:44 - 2012-04-18 06:49 - 00944256 _____ () C:\windows\system32\TPHDLOG0.LOG
2014-09-02 09:43 - 2014-08-29 10:39 - 00000280 _____ () C:\windows\setupact.log
2014-09-02 09:43 - 2014-08-27 12:42 - 00008468 _____ () C:\windows\PFRO.log
2014-09-02 09:43 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-02 09:42 - 2014-08-27 10:26 - 00000000 ____D () C:\AdwCleaner
2014-09-02 09:28 - 2014-09-02 09:28 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 09:28 - 2014-08-28 08:28 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-02 09:28 - 2014-08-27 12:52 - 00021480 _____ () C:\windows\SecuniaPackage.log
2014-09-02 09:28 - 2014-06-26 12:42 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-02 09:28 - 2014-06-26 12:42 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-02 09:27 - 2012-04-18 06:57 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 09:17 - 2014-09-02 09:17 - 01364531 _____ () C:\Users\Jared\Desktop\adwcleaner_3.308.exe
2014-09-02 09:17 - 2014-09-02 09:17 - 00009977 _____ () C:\Users\Jared\Desktop\RKreport_DEL_09022014_091442.log
2014-09-02 09:04 - 2014-09-02 09:04 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-09-02 09:04 - 2014-09-02 09:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-02 09:03 - 2014-09-02 09:03 - 05427288 _____ () C:\Users\Jared\Desktop\RogueKillerX64.exe
2014-09-02 08:59 - 2014-08-29 13:21 - 00007168 _____ () C:\Users\Jared\Downloads\sales.xls
2014-09-02 08:59 - 2014-08-29 11:33 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0c0e8202-f70c-4023-b8eb-aaf9c8303e74.job
2014-09-02 08:59 - 2014-08-29 11:33 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 00720561-b5b6-448f-9fca-3fc4b43f4451.job
2014-09-02 08:59 - 2014-08-14 09:28 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-29 13:07 - 2014-08-29 13:06 - 05185536 _____ (AVAST Software) C:\Users\Jared\Downloads\aswmbr.exe
2014-08-29 13:05 - 2013-06-19 16:29 - 00000000 ____D () C:\Users\Jared\Desktop\Payroll
2014-08-29 13:01 - 2014-08-29 13:01 - 00030610 _____ () C:\ComboFix.txt
2014-08-29 13:01 - 2014-08-29 12:52 - 00000000 ____D () C:\ComboFix
2014-08-29 13:01 - 2014-08-27 11:16 - 00000000 ____D () C:\Qoobox
2014-08-29 13:00 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-08-29 12:36 - 2014-08-29 12:36 - 05576760 ____R (Swearware) C:\Users\Jared\Downloads\ComboFix.exe
2014-08-29 12:15 - 2014-08-29 11:27 - 16543855 _____ () C:\Users\Jared\Downloads\6gq5v4wn.exe
2014-08-29 11:33 - 2014-08-29 11:33 - 00003594 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 00720561-b5b6-448f-9fca-3fc4b43f4451
2014-08-29 11:33 - 2014-08-29 11:33 - 00003520 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0c0e8202-f70c-4023-b8eb-aaf9c8303e74
2014-08-29 11:33 - 2014-08-29 11:33 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\SUPERAntiSpyware.com
2014-08-29 11:33 - 2014-08-29 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-29 11:32 - 2014-08-29 11:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-29 11:32 - 2014-08-29 11:26 - 19056640 _____ (SUPERAntiSpyware) C:\Users\Jared\Downloads\SUPERAntiSpyware.exe
2014-08-29 11:22 - 2014-08-29 11:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jared\Downloads\tdsskiller.exe
2014-08-29 11:21 - 2014-08-29 11:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-29 11:21 - 2014-08-29 11:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-29 11:21 - 2014-08-29 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-29 11:21 - 2014-02-05 16:07 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-29 11:20 - 2014-08-29 11:17 - 13829304 _____ (Microsoft Corporation) C:\Users\Jared\Downloads\mseinstall.exe
2014-08-29 11:14 - 2014-08-29 11:11 - 00085883 _____ () C:\ProgramData\1409324942.7960.bin
2014-08-29 11:14 - 2014-08-29 11:09 - 00051457 _____ () C:\ProgramData\1409324942.4980.bin
2014-08-29 11:14 - 2014-08-29 11:09 - 00003576 _____ () C:\ProgramData\1409324942.4188.bin
2014-08-29 11:14 - 2014-08-29 10:37 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-29 11:11 - 2014-08-29 11:09 - 00117786 _____ () C:\ProgramData\1409324942.5728.bin
2014-08-29 11:11 - 2014-08-29 11:09 - 00003189 _____ () C:\ProgramData\1409324942.952.bin
2014-08-29 11:11 - 2014-08-29 11:09 - 00000991 _____ () C:\ProgramData\1409324942.5924.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00018029 _____ () C:\ProgramData\1409324942.5568.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00009193 _____ () C:\ProgramData\1409324942.5268.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00002726 _____ () C:\ProgramData\1409324942.3560.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00000739 _____ () C:\ProgramData\1409324942.4560.bin
2014-08-29 11:09 - 2014-08-29 11:09 - 00000739 _____ () C:\ProgramData\1409324942.3996.bin
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\QuickScan
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUISkin32.dll
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUISkin.dll
2014-08-29 10:59 - 2014-08-29 10:59 - 00000000 _____ () C:\windows\system32\BDSandBoxUH.dll
2014-08-29 10:47 - 2013-02-19 12:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-29 10:42 - 2013-01-16 16:40 - 00000000 ____D () C:\Users\Jared\AppData\Local\Spotify
2014-08-29 10:34 - 2014-08-29 10:33 - 06770064 _____ () C:\Users\Jared\Downloads\bitdefender_antivirus.exe
2014-08-28 16:38 - 2013-08-07 12:24 - 00001024 _____ () C:\.rnd
2014-08-28 08:49 - 2014-08-28 08:48 - 00688992 ____R (Swearware) C:\Users\Jared\Downloads\dds.com
2014-08-28 08:14 - 2009-07-14 00:45 - 00297944 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 15:25 - 2014-08-27 15:25 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-08-27 15:23 - 2014-08-27 15:23 - 01402880 _____ () C:\Users\Jared\Downloads\HiJackThis.msi
2014-08-27 15:22 - 2014-08-27 15:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 15:22 - 2014-08-27 15:21 - 02347384 _____ (ESET) C:\Users\Jared\Downloads\esetsmartinstaller_enu.exe
2014-08-27 15:21 - 2014-08-27 15:20 - 00000958 _____ () C:\Users\Jared\Downloads\SystemLook.txt
2014-08-27 15:19 - 2014-08-27 15:19 - 00165376 _____ () C:\Users\Jared\Downloads\SystemLook_x64.exe
2014-08-27 12:56 - 2014-08-27 11:15 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 12:44 - 2014-08-27 12:44 - 00000000 _____ () C:\windows\setuperr.log
2014-08-27 12:29 - 2014-08-27 12:29 - 01364531 _____ () C:\Users\Jared\Downloads\AdwCleaner.exe
2014-08-27 12:28 - 2014-08-27 12:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Jared\Downloads\rkill.exe
2014-08-27 12:26 - 2014-08-27 12:26 - 00022607 _____ () C:\Users\Jared\Downloads\Result.txt
2014-08-27 12:25 - 2014-08-27 12:25 - 00401920 _____ (Farbar) C:\Users\Jared\Downloads\MiniToolBox.exe
2014-08-27 12:25 - 2012-05-24 02:16 - 00000000 ____D () C:\Users\Jared\AppData\Local\Apps\2.0
2014-08-27 12:22 - 2014-08-27 12:22 - 00079952 _____ () C:\windows\cc_20140827_122242.reg
2014-08-27 12:22 - 2014-02-19 09:31 - 00000000 ____D () C:\windows\Minidump
2014-08-27 12:22 - 2011-02-22 07:19 - 00000000 ____D () C:\windows\Panther
2014-08-27 11:50 - 2014-08-27 10:19 - 00000000 ____D () C:\windows\pss
2014-08-27 11:50 - 2014-08-26 15:10 - 00000000 ____D () C:\ProgramData\wIFcbAX
2014-08-27 11:34 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-27 11:33 - 2014-08-27 11:16 - 00000000 ____D () C:\windows\erdnt
2014-08-27 11:27 - 2009-07-13 22:34 - 72351744 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-08-27 11:27 - 2009-07-13 22:34 - 20447232 _____ () C:\windows\system32\config\SYSTEM.bak
2014-08-27 11:27 - 2009-07-13 22:34 - 00786432 _____ () C:\windows\system32\config\DEFAULT.bak
2014-08-27 11:27 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-08-27 11:27 - 2009-07-13 22:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 11:15 - 2014-08-27 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-27 11:08 - 2014-08-27 11:08 - 00000000 ____D () C:\windows\ERUNT
2014-08-26 16:46 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-08-26 15:49 - 2014-08-26 15:30 - 00020869 _____ () C:\windows\wininit.ini
2014-08-26 15:47 - 2014-04-23 14:23 - 00000969 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-08-26 15:47 - 2013-05-23 15:14 - 00000907 _____ () C:\Users\Public\Desktop\WinSCP.lnk
2014-08-26 15:47 - 2013-02-11 11:06 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-08-26 15:08 - 2014-08-26 15:08 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-08-26 15:07 - 2014-08-26 15:07 - 00000000 ____D () C:\Users\Jared\AppData\Local\PETN
2014-08-26 15:07 - 2014-08-26 15:07 - 00000000 ____D () C:\Program Files (x86)\PETN
2014-08-26 14:04 - 2012-04-18 06:49 - 00125696 _____ () C:\windows\system32\TPAPSLOG.LOG
2014-08-22 22:07 - 2014-08-27 19:56 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 19:56 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 19:56 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 11:39 - 2012-06-26 13:23 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 11:36 - 2012-05-25 01:44 - 00000000 ____D () C:\Users\Jared\AppData\Local\CutePDF Writer
2014-08-15 03:12 - 2013-08-14 10:08 - 00000000 ____D () C:\windows\system32\MRT
2014-08-15 03:04 - 2012-06-11 08:38 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 09:28 - 2014-08-14 09:28 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 09:28 - 2014-08-14 09:28 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 09:28 - 2014-08-14 09:28 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-12 13:17 - 2012-10-16 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 13:16 - 2013-03-19 13:02 - 00000000 ____D () C:\Users\Jared\Documents\PhraseExpress
2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-12 09:15 - 2014-08-12 09:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 09:15 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\iTunes
2014-08-12 09:15 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-12 09:14 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 14:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-07 09:26 - 2012-10-31 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-07 09:26 - 2012-10-16 11:44 - 00002026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-07 09:24 - 2014-08-07 09:24 - 00000959 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2014-08-07 09:24 - 2012-10-05 10:21 - 00000000 ____D () C:\Program Files (x86)\Inkscape
2014-08-06 10:19 - 2014-05-08 10:20 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\vlc
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\Jared\tsMS.reg
 
 
Some content of TEMP:
====================
C:\Users\Jared\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkijw7g.dll
C:\Users\Jared\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 09:44
 
==================== End Of Log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:20 PM

Posted 02 September 2014 - 01:07 PM



Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)


Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/online/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged OR need to be updated.

Secunia has terminated the Online service.

For personal usage they suggest that you download this tool.

Then we recommend that you download the Secunia Personal Software Inspector – the Secunia PSI.
It’s free, it detects any vulnerable software on your computer, and it automatically updates the vulnerable software to a secure version.
With the Secunia PSI on your PC you don’t have to remember to do regular scans to ensure that all your programs are secure – Secunia does it for you.


There is no need to run these at startup.
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
<<<>>>

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
BHO: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn64.dll ()
BHO-x32: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3331221&octid=EB_ORIGINAL_CTID&ISID=MB5C9B464-C39E-406F-B0C1-645CAA82CE8B&SearchSource=55&CUI=&UM=6&UP=SP99639A43-5215-448E-B5DA-068E1E5FE2A0&SSPV=
CHR DefaultSuggestURL: Profile 1 -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
C:\Users\Jared\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkijw7g.dll

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===
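The fixlist above removes two unsigned services ("Proxy" and "Diagnostics", both pointing at the same service.exe that FRST marked "[File not signed]") and the hijacked Chrome settings; the opening post also describes the browser proxy being switched to an ad-injecting server on port 5050. The following read-only audit, added here as an example and not part of the thread or of FRST, checks the same two conditions on a Windows 7 machine: the per-user WinINet proxy settings that Internet Explorer and Chrome share, and every service or driver whose binary is not Authenticode-signed or is missing on disk. It assumes Windows PowerShell 2.0 or later; the port 5050 check is taken from this thread and is only an illustration of what to look for.

```powershell
# Added example (not from the thread or from FRST): audit proxy settings and unsigned services.
# Assumes Windows PowerShell 2.0+ on Windows 7 or later; run from an elevated prompt.

# --- 1. Per-user WinINet proxy settings (IE and Chrome both use these on Windows) ---
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

if ($inet.ProxyEnable -eq 1) {
    Write-Output "Manual proxy ENABLED: $($inet.ProxyServer)"
    # Port 5050 is the ad-injecting proxy port reported in the opening post (illustrative check)
    if ($inet.ProxyServer -match ':5050(;|$)') {
        Write-Output '  -> proxy on port 5050, the port the ad-injecting proxy in this thread used'
    }
} else {
    Write-Output 'No manual proxy configured for this user'
}
if ($inet.AutoConfigURL) {
    # A PAC script can redirect traffic even when ProxyEnable is 0, so report it separately
    Write-Output "PAC script configured: $($inet.AutoConfigURL)"
}

# --- 2. Services and drivers whose binary is unsigned or missing ---

# Turn a service command line into a file path. Command lines may be quoted, unquoted with
# spaces, carry arguments, use %SystemRoot%-style variables, or (for drivers) use the
# \??\ and \SystemRoot\ prefixes and system32-relative paths seen in the FRST log above.
function Get-ServiceExePath([string]$commandLine) {
    if (-not $commandLine) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($commandLine)
    $expanded = $expanded -replace '^\\\?\?\\', ''
    $expanded = $expanded -replace '^\\SystemRoot\\', "$env:SystemRoot\"

    if ($expanded -match '^"([^"]+)"') {
        $exe = $Matches[1]
    } elseif ($expanded -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $exe = $Matches[1]
    } else {
        $exe = ($expanded -split ' ')[0]
    }
    # Relative paths such as "system32\DRIVERS\x.sys" are resolved against the Windows directory
    if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $env:SystemRoot $exe }
    return $exe
}

$entries = @(Get-WmiObject -Class Win32_Service) + @(Get-WmiObject -Class Win32_SystemDriver)

$findings = foreach ($svc in $entries) {
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { continue }

    if (Test-Path -LiteralPath $exe) {
        $status = (Get-AuthenticodeSignature -FilePath $exe).Status
    } else {
        # Orphaned entries such as "S3 catchme; \??\C:\ComboFix\catchme.sys [X]" land here
        $status = 'FILE MISSING'
    }

    if ($status -ne 'Valid') {
        New-Object PSObject -Property @{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Signature = $status
            Path      = $exe
        }
    }
}

$findings | Sort-Object Path | Format-Table Name, State, StartMode, Signature, Path -AutoSize
```

Two things to keep in mind when reading the output. On Windows 7, Get-AuthenticodeSignature does not consult the security catalog, so catalog-signed Microsoft binaries (most of System32) show as NotSigned; the list is a triage aid in the same spirit as FRST's "[File not signed]" flag, not a verdict, and an unknown vendor's binary installed in Common Files under a generic name like "Diagnostics" or "Proxy" is what deserves a closer look. Chrome's homepage and search suggestions are stored in its own profile Preferences file, not in the registry, so this script does not cover the "CHR HomePage" and "CHR DefaultSuggestURL" lines that FRST handles.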

#6 frrtbkr

frrtbkr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 02 September 2014 - 01:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Jared at 2014-09-02 14:21:20 Run:1
Running from C:\Users\Jared\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
BHO: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn64.dll ()
BHO-x32: PETN -> {DA9CF11D-76E2-4CB6-B958-7EC56CF0C623} -> C:\Program Files (x86)\PETN\petn.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3331221&octid=EB_ORIGINAL_CTID&ISID=MB5C9B464-C39E-406F-B0C1-645CAA82CE8B&SearchSource=55&CUI=&UM=6&UP=SP99639A43-5215-448E-B5DA-068E1E5FE2A0&SSPV=
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [56832 2014-08-21] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
C:\Users\Jared\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkijw7g.dll
 
End
*****************
 
[2276] C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe => Process closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA9CF11D-76E2-4CB6-B958-7EC56CF0C623}" => Key deleted successfully.
"HKCR\CLSID\{DA9CF11D-76E2-4CB6-B958-7EC56CF0C623}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA9CF11D-76E2-4CB6-B958-7EC56CF0C623}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DA9CF11D-76E2-4CB6-B958-7EC56CF0C623}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
Diagnostics => Service stopped successfully.
Diagnostics => Service deleted successfully.
Proxy => Service stopped successfully.
Proxy => Service deleted successfully.
catchme => Service deleted successfully.
lmimirr => Service deleted successfully.
"C:\Users\Jared\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkijw7g.dll" => File/Directory not found.
 
==== End of Fixlog ====


#7 frrtbkr

frrtbkr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 02 September 2014 - 01:33 PM

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 65  
 Java™ SE Runtime Environment 6 
 Java version out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Thunderbird (31.0.) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.102  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:20 PM

Posted 03 September 2014 - 07:47 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65
Java™ SE Runtime Environment 6


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

HOW IS THE COMPUTER RUNNING NOW?

#9 frrtbkr

frrtbkr
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 03 September 2014 - 08:20 AM

<<<>>>

HOW IS THE COMPUTER RUNNING NOW?

Excellent! Just finished doing the 2 updates you posted, and removing the old versions. Thank you for all of your help.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:20 PM

Posted 03 September 2014 - 09:22 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:20 PM

Posted 03 September 2014 - 09:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
