
Zeroaccess Rootkit Infection - Laptop Fan Full Speed Always


  • This topic is locked
19 replies to this topic

#1 fcabanski

fcabanski

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 18 September 2014 - 01:21 PM

Broni indicated I am infected with Zeroaccess:  http://www.bleepingcomputer.com/forums/t/548684/bluestacks-install-now-laptop-fan-constantly-runs-at-full/

 

The symptoms began after installing the BlueStacks Android emulator.  There were numerous popups and odd programs installed.  I removed programs, ran some virus cleaners (Spybot Search and Destroy, Malwarebytes Anti-Malware, Avast).  The pop-ups in Firefox were gone, but the fan was running at full power all the time.  In addition, programs are running slowly.  I run a game called Out of the Park Baseball.  That is a text-based baseball simulator.  There are now pauses and hang-ups in the play-by-play text display.

 

I posted in the Am I Infected forum, ran the indicated programs and procedures, and Broni said it is the Zeroaccess Rootkit.

 

I followed the guide http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/, but I could not start Windows Firewall.  Starting the service results in an error 1075.  The services indicated as needed for WF are running.  I tried the registry fix for Windows Firewall (#2) at this link:  http://www.winhelponline.com/blog/misc-registry-fixes-for-windows-7-xp-vista/.  It did not resolve the problem.

 

The DDS log follows.  The attach log is attached.

 

Thank you for your kind help.

 

- Frank

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.65.2
Run by fjc at 13:03:06 on 2014-09-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2055 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\runservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Users\fjc\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\CEntrance\Universal Driver\udaudcp.exe
C:\Users\fjc\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\LOGI_MWX.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = www.google.com
uSearch Page = www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: PDFXChange 4.0: {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PCShowServer] "C:\Users\fjc\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [udaudcp.exe] C:\Program Files\CEntrance\Universal Driver\udaudcp.exe /tray
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [uTorrent] "C:\Users\fjc\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Logitech Utility] LOGI_MWX.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ConvertAd] C:\Users\fjc\AppData\Local\ConvertAd\ConvertAd.exe
StartupFolder: C:\Users\fjc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.2.1 192.168.2.2
TCP: Interfaces\{3480F0E5-CFCF-4553-BE4C-E0A15C3AC22C} : DHCPNameServer = 192.168.2.1 192.168.2.2
TCP: Interfaces\{3480F0E5-CFCF-4553-BE4C-E0A15C3AC22C}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6} : DHCPNameServer = 192.168.2.1 192.168.2.2
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\2656C6B696E6E2266656E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\35D434752425134335D2E443F51405 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\4516C6C6341647D27657563747 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F1AE2B0A-C4D1-40EE-826B-B5ED0CCC8BA6}\C696E6B6379737 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\fjc\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\fjc\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\fjc\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\fjc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\fjc\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2012-02-25 17:58; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-19 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-19 224896]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-11 56208]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-7-19 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-7-19 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-16 283200]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-27 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-19 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-27 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-31 50344]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2014-8-25 22528]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-1-7 9216]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-26 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-26 2424424]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-7-7 2560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-1-26 72216]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-26 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-4-23 342528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-26 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;C:\Windows\System32\drivers\ceusbaud.sys [2012-6-26 161392]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-26 339048]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-5-17 40696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 US122;US122 Driver;C:\Windows\System32\drivers\US122x64.sys [2012-6-27 200320]
S3 US122DL;US122 Firmware Downloader;C:\Windows\System32\drivers\US122DLx64.sys [2012-6-27 20224]
S3 US122WdmService;US122 Wdm Audio;C:\Windows\System32\drivers\US122Wdmx64.sys [2012-6-27 62976]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .chm: PDFlite.Document="C:\Program Files (x86)\PDFlite\pdflite.exe" "%1"
.
=============== Created Last 30 ================
.
2014-09-18 09:53:41    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2014-09-18 07:56:16    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 07:08:36    --------    d-----w-    C:\Program Files (x86)\ESET
2014-09-18 06:58:09    --------    d-----w-    C:\Windows\ERUNT
2014-09-17 20:49:37    --------    d-----w-    C:\AdwCleaner
2014-09-17 18:53:22    --------    d-----w-    C:\Program Files (x86)\mIRC
2014-09-17 18:29:01    --------    d-----w-    C:\NPE
2014-09-17 18:27:21    --------    d-----w-    C:\Users\fjc\AppData\Local\NPE
2014-09-16 05:50:36    --------    d-----w-    C:\Users\fjc\AppData\Roaming\MPC-HC
2014-09-16 05:50:20    --------    d-----w-    C:\Program Files\MPC-HC
2014-09-16 05:26:09    128728    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-16 05:25:55    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-16 05:25:55    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-16 05:25:55    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-16 05:25:55    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-09-16 05:25:55    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 22:18:46    --------    d-----w-    C:\Users\fjc\AppData\Local\Installer
2014-09-15 19:38:46    --------    d-----w-    C:\Users\fjc\AppData\Local\Plarium
2014-09-15 19:26:33    --------    d-----w-    C:\Program Files (x86)\snipsmart
2014-09-13 03:35:10    --------    d--h--w-    C:\$WINDOWS.~BT
2014-09-12 22:16:59    74864    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-09-10 09:43:21    17903792    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-01 19:03:21    --------    d-----w-    C:\Users\fjc\AppData\Roaming\DropboxMaster
2014-08-31 18:58:54    43152    ----a-w-    C:\Windows\avastSS.scr
2014-08-28 07:25:18    --------    d-----w-    C:\ProgramData\SystemRequirementsLab
2014-08-28 07:25:18    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2014-08-25 20:27:52    --------    d-----w-    C:\Users\fjc\AppData\Roaming\DAZ 3D
2014-08-25 20:26:53    --------    d-----w-    C:\ProgramData\DAZ 3D
2014-08-25 20:26:51    --------    d-----w-    C:\Program Files\DAZ 3D
2014-08-25 20:26:34    --------    d-----w-    C:\Program Files (x86)\DAZ 3D
2014-08-25 08:48:06    819560    ----a-w-    C:\Program Files\Common Files\System\SysMenu64.dll
2014-08-25 08:48:06    648040    ----a-w-    C:\Program Files\Common Files\System\SysMenu.dll
.
==================== Find3M  ====================
.
2014-09-18 17:47:13    1769    --sha-w-    C:\Windows\SysWow64\mmf.sys
2014-09-10 09:43:30    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 09:43:30    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-31 18:58:55    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-08-31 18:58:55    92008    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-08-31 18:58:55    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-31 18:58:55    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-08-31 18:58:55    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-08-31 18:58:55    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-08-31 18:58:55    1041168    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-07-11 08:02:05    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 13:03:39.25 ===============
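One way to look into the "error 1075" from the first post, as an added PowerShell diagnostic that is not from the thread or any of the tools it mentions: Win32 error 1075 means a service named in the firewall service's DependOnService list does not exist or is marked for deletion, so the script walks that list from the registry instead of only checking which services are running. It assumes an elevated PowerShell prompt on Windows 7, where the Windows Firewall service is MpsSvc.

```powershell
# Added diagnostic, not part of the thread or its tools: walk the dependency
# chain of the Windows Firewall service (MpsSvc) as recorded in the registry.
# Win32 error 1075 (ERROR_SERVICE_DEPENDENCY_DELETED) means a service named in
# DependOnService does not exist or is marked for deletion, which is why
# "the needed services are running" can be true and the start can still fail.
# Assumes an elevated PowerShell prompt on Windows 7.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$script:visited = @{}   # guards against dependency cycles

function Test-ServiceDependencies {
    param([string]$Name, [int]$Depth = 0)

    if ($script:visited.ContainsKey($Name)) { return }
    $script:visited[$Name] = $true
    $indent = ' ' * (2 * $Depth)

    $key = Join-Path $svcRoot $Name
    if (-not (Test-Path $key)) {
        # A missing key for the service itself gives error 1060 rather than
        # 1075, but it is worth reporting while we are here.
        Write-Output ('{0}!! [{1}] service key is missing' -f $indent, $Name)
        return
    }

    $props  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # Get-Service does not list kernel drivers (e.g. mpsdrv), so Status may be empty.
    $status = (Get-Service -Name $Name -ErrorAction SilentlyContinue).Status
    Write-Output ('{0}[{1}] Start={2} Status={3} ImagePath={4}' -f `
        $indent, $Name, $props.Start, $status, $props.ImagePath)

    foreach ($dep in @($props.DependOnService)) {
        if (-not $dep) { continue }   # no DependOnService value at all
        if (-not (Test-Path (Join-Path $svcRoot $dep))) {
            # This is exactly the condition that produces error 1075 on start.
            Write-Output ('{0}  !! [{1}] depends on ''{2}'' but no such service key exists' -f `
                $indent, $Name, $dep)
            continue
        }
        Test-ServiceDependencies -Name $dep -Depth ($Depth + 1)
    }
}

Test-ServiceDependencies -Name 'MpsSvc'
```

Any line marked `!!` names the dependency that the service control manager cannot resolve; on Windows 7 the expected chain is MpsSvc, then mpsdrv and BFE, with BFE in turn depending on RpcSs.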
 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:39 AM

Posted 19 September 2014 - 04:55 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 fcabanski

fcabanski
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 19 September 2014 - 05:16 PM

Here is the combofix log.

ComboFix 14-09-18.01 - fjc 09/19/2014  15:46:42.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2759 [GMT -5:00]
Running from: c:\users\fjc\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
---- Previous Run -------
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-19 to 2014-09-19  )))))))))))))))))))))))))))))))
.
.
2014-09-19 20:59 . 2014-09-19 20:59	--------	d-----w-	c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-09-19 20:59 . 2014-09-19 20:59	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2014-09-19 20:59 . 2014-09-19 20:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-19 19:54 . 2014-09-19 19:54	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2014-09-18 18:40 . 2014-09-18 18:40	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2014-09-18 09:53 . 2014-09-18 17:47	--------	d-----w-	c:\program files (x86)\SpeedFan
2014-09-18 07:56 . 2014-09-18 08:14	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-18 07:08 . 2014-09-18 07:08	--------	d-----w-	c:\program files (x86)\ESET
2014-09-18 06:58 . 2014-09-18 06:58	--------	d-----w-	c:\windows\ERUNT
2014-09-17 20:49 . 2014-09-17 20:51	--------	d-----w-	C:\AdwCleaner
2014-09-17 18:53 . 2014-09-17 18:53	--------	d-----w-	c:\program files (x86)\mIRC
2014-09-17 18:29 . 2014-09-17 18:29	--------	d-----w-	C:\NPE
2014-09-17 18:27 . 2014-09-17 18:49	--------	d-----w-	c:\users\fjc\AppData\Local\NPE
2014-09-16 05:50 . 2014-09-16 05:50	--------	d-----w-	c:\users\fjc\AppData\Roaming\MPC-HC
2014-09-16 05:50 . 2014-09-16 05:50	--------	d-----w-	c:\program files\MPC-HC
2014-09-16 05:26 . 2014-09-18 07:56	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-16 05:25 . 2014-09-18 07:55	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-16 05:25 . 2014-09-16 06:13	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-16 05:25 . 2014-09-16 05:25	--------	d-----w-	c:\programdata\Malwarebytes
2014-09-16 05:25 . 2014-05-12 12:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-16 05:25 . 2014-05-12 12:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-15 22:18 . 2014-09-15 22:18	--------	d-----w-	c:\users\fjc\AppData\Local\Installer
2014-09-15 19:38 . 2014-09-15 19:38	--------	d-----w-	c:\users\fjc\AppData\Local\Plarium
2014-09-15 19:26 . 2014-09-15 23:12	--------	d-----w-	c:\program files (x86)\snipsmart
2014-09-13 03:35 . 2014-09-13 03:35	--------	d-----w-	C:\$WINDOWS.~BT
2014-09-10 09:43 . 2014-09-10 09:43	17903792	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-01 19:03 . 2014-09-01 19:03	--------	d-----w-	c:\users\fjc\AppData\Roaming\DropboxMaster
2014-08-28 07:25 . 2014-08-28 07:25	--------	d-----w-	c:\programdata\SystemRequirementsLab
2014-08-28 07:25 . 2014-08-28 07:25	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2014-08-25 20:27 . 2014-08-25 20:27	--------	d-----w-	c:\users\fjc\AppData\Roaming\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\programdata\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\program files\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\program files (x86)\DAZ 3D
2014-08-25 08:48 . 2014-08-25 08:48	819560	----a-w-	c:\program files\Common Files\System\SysMenu64.dll
2014-08-25 08:48 . 2014-08-25 08:48	648040	----a-w-	c:\program files\Common Files\System\SysMenu.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 09:43 . 2012-04-16 16:43	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 09:43 . 2011-10-16 02:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-01 19:00 . 2011-03-29 01:36	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-11 08:02 . 2014-07-22 07:08	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\fjc\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"udaudcp.exe"="c:\program files\CEntrance\Universal Driver\udaudcp.exe" [2012-06-26 258672]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 19968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"ConvertAd"="c:\users\fjc\AppData\Local\ConvertAd\ConvertAd.exe" [BU]
.
c:\users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys;c:\windows\SYSNATIVE\drivers\ceusbaud.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122x64.sys;c:\windows\SYSNATIVE\Drivers\US122x64.sys [x]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DLx64.sys;c:\windows\SYSNATIVE\Drivers\US122DLx64.sys [x]
R3 US122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdmx64.sys;c:\windows\SYSNATIVE\Drivers\US122Wdmx64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
msiexec [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 09:43]
.
2014-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001Core.job
- c:\users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 05:48]
.
2014-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001UA.job
- c:\users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 05:48]
.
2014-09-19 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-09-20 09:11]
.
2014-09-19 c:\windows\Tasks\HPCeeScheduleForfjc.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-10-31 43320]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.2
FF - ProfilePath - c:\users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-02-25 17:58; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Software Updater - c:\users\fjc\AppData\Roaming\Software Updater\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2440430310-1066896749-2309528628-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A24CE0E7-9B80-7DAE-22DC-E5310C77E876}*]
"haiidlbmgkhmjeef"=hex:66,61,6e,65,69,62,67,70,62,6b,70,70,00,00
"ialhccabceeeonmooo"=hex:6a,61,70,64,6e,68,65,66,66,67,64,68,61,6b,64,6a,69,68,
   62,64,00,00
"hafhaifmmaeinian"=hex:6a,61,70,64,6e,68,65,66,66,67,64,68,61,6b,64,6a,69,68,
   62,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]
"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,
   a2
"2"=hex:78,8d,d3,1c,b2,90,ec,1b,1c,a2,64,53,4e,84,1e,9f,b2,06,e9,13,e4,09,2a,
   70,ff,5a,3e,81,53,c0,ed,2f
"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,
   eb,1f,7e,9d,60,67,ee,fe,dc,98,a6,4b,00,e5,79,95,b3,c7,72,a7,45,af,1f,6c,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\A328A1DBBC554536F4620A6DA30B78D7]
"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,0c,fa,17,4c,bf,f3,8e,
   5c,21,2d,1d,eb,f1,a6,3a,63
"2"=hex:53,1a,4b,a3,39,53,54,87
"3"=hex:86,8d,ca,3e,b8,e6,79,4b,4b,ff,01,7c,ca,4e,e4,3b,d0,a0,35,bb,59,7b,23,
   e1,91,de,11,4c,c0,31,61,82,59,3f,a6,35,76,f9,22,7f,de,12,e7,9b,3d,16,13,c2,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,0c,fa,17,4c,bf,f3,8e,
   5c,98,85,15,eb,69,fa,51,7d,68,76,69,35,8e,78,a8,ea,46,33,52,c9,80,90,92,81,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,f6,a2,1b,38,41,70,95,
   50,26,45,95,77,09,e3,e5,11,05,2e,6d,a8,e6,bb,1d,5c,24,52,7f,86,24,1e,fd,cc,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:55,0c,d6,b4,90,c5,27,45
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
   c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
   76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
   07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
   1a,3b,92,af,55,30,f0,da,a7
"2"=hex:03,13,8a,80,bd,85,45,8e
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
   d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,0a,ef,ab,a3,bc,d5,ff,
   d9,5f,e7,cb,5e,09,e4,0e,eb,84,1a,55,8c,ca,0a,7c,04
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\05\18\145\08?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-19  16:34:35
ComboFix-quarantined-files.txt  2014-09-19 21:34
.
Pre-Run: 328,180,080,640 bytes free
Post-Run: 327,840,251,904 bytes free
.
- - End Of File - - 6AA9D1391612558A4EFC5F20FB3A3912
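Added example, not part of the thread and not a ComboFix or BleepingComputer tool: a small Python parser for the REGEDIT4-style entries ComboFix prints under "Reg Loading Points" and "LOCKED REGISTRY KEYS". It joins the indented continuation lines of long hex: values, records where a value was cut short (a trailing backslash with no continuation line after it, as on the long LicCtrl values in the log above; treating that as truncation is an assumption about the tool's output format), and decodes hex: blobs that are really text, which is how you read the randomly named values under the Shell Extensions\Approved key above without a hex-to-ASCII table. The sample input is an excerpt copied from the log above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Excerpt copied from the LOCKED REGISTRY KEYS section of the ComboFix log above:
# a key with random-looking value names, a default value, a dword and a long
# LicCtrl value that ComboFix cut short (trailing backslash, then the next value).
SAMPLE = r'''[HKEY_USERS\S-1-5-21-2440430310-1066896749-2309528628-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A24CE0E7-9B80-7DAE-22DC-E5310C77E876}*]
"haiidlbmgkhmjeef"=hex:66,61,6e,65,69,62,67,70,62,6b,70,70,00,00
"ialhccabceeeonmooo"=hex:6a,61,70,64,6e,68,65,66,66,67,64,68,61,6b,64,6a,69,68,
   62,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\A328A1DBBC554536F4620A6DA30B78D7]
"2"=hex:53,1a,4b,a3,39,53,54,87
"3"=hex:86,8d,ca,3e,b8,e6,79,4b,4b,ff,01,7c,ca,4e,e4,3b,d0,a0,35,bb,59,7b,23,
   e1,91,de,11,4c,c0,31,61,82,59,3f,a6,35,76,f9,22,7f,de,12,e7,9b,3d,16,13,c2,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
'''


@dataclass
class RegValue:
    name: str                      # value name, "@" for the key's default value
    kind: str                      # "hex", "dword", "string" or "other"
    data: Union[bytes, int, str]
    truncated: bool                # ComboFix cut the value short (see parse_regedit4)


# "name"=rest or @=rest; lines such as "@Denied: ..." deliberately do not match.
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<rest>.*)$')
HEX_RE = re.compile(r'^hex(?:\([0-9a-f]+\))?:(?P<body>.*)$', re.IGNORECASE)


def _decode(name: str, rest: str, truncated: bool) -> RegValue:
    """Turn the right-hand side of a REGEDIT4 value line into typed data."""
    m = HEX_RE.match(rest)
    if m:
        parts = [p for p in m.group("body").split(",") if p]   # drop trailing ","
        return RegValue(name, "hex", bytes(int(p, 16) for p in parts), truncated)
    if rest.lower().startswith("dword:"):
        return RegValue(name, "dword", int(rest[6:], 16), truncated)
    if len(rest) >= 2 and rest.startswith('"') and rest.endswith('"'):
        return RegValue(name, "string", rest[1:-1].replace("\\\\", "\\"), truncated)
    return RegValue(name, "other", rest, truncated)


def parse_regedit4(text: str) -> Dict[str, List[RegValue]]:
    """Parse ComboFix's REGEDIT4-style dump into {key path: [values]}.

    hex: data wraps onto indented continuation lines.  A trailing backslash
    that is NOT followed by a continuation line is taken to mean ComboFix
    truncated the value (assumption drawn from the LicCtrl entries above).
    """
    keys: Dict[str, List[RegValue]] = {}
    current: Optional[str] = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue                           # ".", "@Denied: ...", blank lines
        name = m.group("name") if m.group("name") is not None else "@"
        rest, truncated = m.group("rest"), False
        while rest.endswith((",", "\\")):
            more = i < len(lines) and lines[i][:1].isspace() and lines[i].strip() != ""
            if rest.endswith("\\"):
                rest = rest[:-1]
                if not more:
                    truncated = True           # backslash, but the next line is a new value
                    break
            elif not more:
                break
            rest += lines[i].strip()
            i += 1
        keys[current].append(_decode(name, rest, truncated))
    return keys


def decode_text(data: bytes) -> Optional[str]:
    """Return the string hidden in a hex: blob (ASCII or UTF-16LE, NUL-padded), else None."""
    body = data.rstrip(b"\x00")
    if not body:
        return None
    if all(0x20 <= b < 0x7F for b in body):
        return body.decode("ascii")
    # REG_SZ-style data is UTF-16LE: for Latin text every high byte is zero.
    if len(data) % 2 == 0 and all(data[k] == 0 for k in range(1, len(data), 2)):
        text = data.decode("utf-16-le").rstrip("\x00")
        if text and text.isprintable():
            return text
    return None


def text_hex_values(keys: Dict[str, List[RegValue]]) -> List[Tuple[str, str, str]]:
    """(key, value name, text) for every hex: value that is really a string; read these first."""
    out = []
    for key, values in keys.items():
        for v in values:
            if v.kind == "hex":
                text = decode_text(v.data)
                if text is not None:
                    out.append((key, v.name, text))
    return out


if __name__ == "__main__":
    for key, name, text in text_hex_values(parse_regedit4(SAMPLE)):
        print(f"{name!r} under ...{key[-50:]} -> {text!r}")
```

Run against the full log rather than the excerpt by passing the text of the LOCKED REGISTRY KEYS section to parse_regedit4; the two values under the Shell Extensions\Approved key decode to short lowercase strings, while the LicCtrl blobs do not decode to text and the long ones are flagged as truncated, so their contents cannot be judged from this log alone.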



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 22 September 2014 - 03:58 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Attached Files

Proud Member of UNITE & TB

#5 fcabanski

fcabanski
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:39 PM

Posted 22 September 2014 - 03:44 PM

Combofix Log

ComboFix 14-09-22.01 - fjc 09/22/2014  14:30:14.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2622 [GMT -5:00]
Running from: c:\users\fjc\Desktop\ComboFix.exe
Command switches used :: c:\users\fjc\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected 
Restored copy from - c:\windows\erdnt\cache64\services.exe 
.
--------
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-22 to 2014-09-22  )))))))))))))))))))))))))))))))
.
.
2014-09-22 19:41 . 2014-09-22 19:41	--------	d-----w-	c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-09-22 19:41 . 2014-09-22 19:41	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2014-09-22 19:41 . 2014-09-22 19:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-22 19:41 . 2014-09-22 19:41	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-09-19 19:54 . 2014-09-19 19:54	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2014-09-18 18:40 . 2014-09-18 18:40	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2014-09-18 09:53 . 2014-09-18 17:47	--------	d-----w-	c:\program files (x86)\SpeedFan
2014-09-18 07:56 . 2014-09-18 08:14	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-18 07:08 . 2014-09-18 07:08	--------	d-----w-	c:\program files (x86)\ESET
2014-09-18 06:58 . 2014-09-18 06:58	--------	d-----w-	c:\windows\ERUNT
2014-09-17 20:49 . 2014-09-17 20:51	--------	d-----w-	C:\AdwCleaner
2014-09-17 18:53 . 2014-09-17 18:53	--------	d-----w-	c:\program files (x86)\mIRC
2014-09-17 18:29 . 2014-09-17 18:29	--------	d-----w-	C:\NPE
2014-09-17 18:27 . 2014-09-17 18:49	--------	d-----w-	c:\users\fjc\AppData\Local\NPE
2014-09-16 05:50 . 2014-09-16 05:50	--------	d-----w-	c:\users\fjc\AppData\Roaming\MPC-HC
2014-09-16 05:50 . 2014-09-16 05:50	--------	d-----w-	c:\program files\MPC-HC
2014-09-16 05:26 . 2014-09-18 07:56	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-16 05:25 . 2014-09-18 07:55	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-16 05:25 . 2014-09-16 06:13	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-16 05:25 . 2014-09-16 05:25	--------	d-----w-	c:\programdata\Malwarebytes
2014-09-16 05:25 . 2014-05-12 12:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-16 05:25 . 2014-05-12 12:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-15 22:18 . 2014-09-15 22:18	--------	d-----w-	c:\users\fjc\AppData\Local\Installer
2014-09-15 19:38 . 2014-09-15 19:38	--------	d-----w-	c:\users\fjc\AppData\Local\Plarium
2014-09-15 19:26 . 2014-09-15 23:12	--------	d-----w-	c:\program files (x86)\snipsmart
2014-09-13 03:35 . 2014-09-13 03:35	--------	d-----w-	C:\$WINDOWS.~BT
2014-09-10 09:43 . 2014-09-10 09:43	17903792	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-01 19:03 . 2014-09-01 19:03	--------	d-----w-	c:\users\fjc\AppData\Roaming\DropboxMaster
2014-08-28 07:25 . 2014-08-28 07:25	--------	d-----w-	c:\programdata\SystemRequirementsLab
2014-08-28 07:25 . 2014-08-28 07:25	--------	d-----w-	c:\program files (x86)\SystemRequirementsLab
2014-08-25 20:27 . 2014-08-25 20:27	--------	d-----w-	c:\users\fjc\AppData\Roaming\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\programdata\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\program files\DAZ 3D
2014-08-25 20:26 . 2014-08-25 20:26	--------	d-----w-	c:\program files (x86)\DAZ 3D
2014-08-25 08:48 . 2014-08-25 08:48	819560	----a-w-	c:\program files\Common Files\System\SysMenu64.dll
2014-08-25 08:48 . 2014-08-25 08:48	648040	----a-w-	c:\program files\Common Files\System\SysMenu.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 09:43 . 2012-04-16 16:43	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 09:43 . 2011-10-16 02:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-01 19:00 . 2011-03-29 01:36	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-11 08:02 . 2014-07-22 07:08	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\fjc\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"udaudcp.exe"="c:\program files\CEntrance\Universal Driver\udaudcp.exe" [2012-06-26 258672]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 19968]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CEUSBAudioSrv;CEntrance USB Audio Driver Service;c:\windows\system32\drivers\ceusbaud.sys;c:\windows\SYSNATIVE\drivers\ceusbaud.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122x64.sys;c:\windows\SYSNATIVE\Drivers\US122x64.sys [x]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DLx64.sys;c:\windows\SYSNATIVE\Drivers\US122DLx64.sys [x]
R3 US122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdmx64.sys;c:\windows\SYSNATIVE\Drivers\US122Wdmx64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
msiexec [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 09:43]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001Core.job
- c:\users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 05:48]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001UA.job
- c:\users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 05:48]
.
2014-09-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-09-20 09:11]
.
2014-09-19 c:\windows\Tasks\HPCeeScheduleForfjc.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-10-31 43320]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.2
FF - ProfilePath - c:\users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-02-25 17:58; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Software Updater - c:\users\fjc\AppData\Roaming\Software Updater\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2440430310-1066896749-2309528628-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A24CE0E7-9B80-7DAE-22DC-E5310C77E876}*]
"haiidlbmgkhmjeef"=hex:66,61,6e,65,69,62,67,70,62,6b,70,70,00,00
"ialhccabceeeonmooo"=hex:6a,61,70,64,6e,68,65,66,66,67,64,68,61,6b,64,6a,69,68,
   62,64,00,00
"hafhaifmmaeinian"=hex:6a,61,70,64,6e,68,65,66,66,67,64,68,61,6b,64,6a,69,68,
   62,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]
"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,
   a2
"2"=hex:78,8d,d3,1c,b2,90,ec,1b,1c,a2,64,53,4e,84,1e,9f,b2,06,e9,13,e4,09,2a,
   70,ff,5a,3e,81,53,c0,ed,2f
"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,
   eb,1f,7e,9d,60,67,ee,fe,dc,98,a6,4b,00,e5,79,95,b3,c7,72,a7,45,af,1f,6c,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\A328A1DBBC554536F4620A6DA30B78D7]
"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,0c,fa,17,4c,bf,f3,8e,
   5c,21,2d,1d,eb,f1,a6,3a,63
"2"=hex:53,1a,4b,a3,39,53,54,87
"3"=hex:86,8d,ca,3e,b8,e6,79,4b,4b,ff,01,7c,ca,4e,e4,3b,d0,a0,35,bb,59,7b,23,
   e1,91,de,11,4c,c0,31,61,82,59,3f,a6,35,76,f9,22,7f,de,12,e7,9b,3d,16,13,c2,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,0c,fa,17,4c,bf,f3,8e,
   5c,98,85,15,eb,69,fa,51,7d,68,76,69,35,8e,78,a8,ea,46,33,52,c9,80,90,92,81,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,f6,a2,1b,38,41,70,95,
   50,26,45,95,77,09,e3,e5,11,05,2e,6d,a8,e6,bb,1d,5c,24,52,7f,86,24,1e,fd,cc,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:55,0c,d6,b4,90,c5,27,45
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
   c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
   76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
   07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
   1a,3b,92,af,55,30,f0,da,a7
"2"=hex:03,13,8a,80,bd,85,45,8e
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
   51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
   d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,0a,ef,ab,a3,bc,d5,ff,
   d9,5f,e7,cb,5e,09,e4,0e,eb,84,1a,55,8c,ca,0a,7c,04
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\05\18\145\08?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-22  15:16:04
ComboFix-quarantined-files.txt  2014-09-22 20:16
ComboFix2.txt  2014-09-19 21:34
.
Pre-Run: 324,258,779,136 bytes free
Post-Run: 323,937,247,232 bytes free
.
- - End Of File - - FF2C31ECAD2F16CE23498E9DF9B2EF47

Malwarebytes found no infected files. Here is the log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2014
Scan Time: 3:19:26 PM
Logfile: malewarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.22.07
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fjc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440012
Time Elapsed: 15 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 23 September 2014 - 07:46 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 fcabanski

fcabanski
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:39 PM

Posted 23 September 2014 - 01:12 PM

BTW, are all these scans supposed to be deleting data? The more scans I've done, the more emails, program data, and saved files I've lost. Is the software deleting the files marked for "move"?

2014-09-20 22:45 - 2012-02-09 06:42 - 00000000 ____D () C:\Users\fjc\Documents\Bills
2014-09-20 22:45 - 2012-02-09 06:38 - 00003442 _____ () C:\Users\fjc\Documents\NUMBERS.txt

Those contain information about bills, including the web addresses for the sites I use for viewing and paying bills. I can't lose those files.

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2014
Ran by fjc at 2014-09-23 13:00:56
Running from C:\Users\fjc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version:  - Blurb, Inc)
Bowl Bound College Football Demo (HKLM-x32\...\Bowl Bound College Football Demo) (Version:  - )
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{5BE337EE-3815-4E5A-993D-B8C2546B69CF}) (Version: 1.0.0 - Kovid Goyal)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CEntrance Universal Audio Driver (HKLM\...\CEntrance Universal Audio Driver) (Version: 7.4.2 - CEntrance)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.4422 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.27) (Version: 1.1.0.27 - DAZ 3D)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}) (Version: 4.00 - DIRECTV)
DIRECTV2PC(TM) (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC(TM) (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Duplicate Cleaner Free 3.0.1 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.0.1 - DigitalVolcano) <==== ATTENTION
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Fast Break College Basketball 2010 Demo (HKLM-x32\...\Fast Break College Basketball 2010 Demo_is1) (Version:  - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Football Mogul 2012 (HKLM-x32\...\{D75326C0-B21F-11DF-6DF1-096C35431649}) (Version: 9.5.2.0 - Sports Mogul Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.4.3 - Ellora Assets Corporation)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.55.0 - International GeoGebra Institute)
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{EB94EF62-E46A-495E-AF31-69D1CB3B46EA}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Launch Box (HKLM\...\{C4EACDFC-4BD3-4553-8445-A55B55818835}) (Version: 1.0.14 - Hewlett-Packard Company)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass PE 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Infinite Calculus (x32 Version: 1.00.44 - Kuta Software LLC) Hidden
Infinite Calculus Trial (HKLM-x32\...\Infinite Calculus 1.00.44) (Version: 1.00.44 - Kuta Software LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iZotope RX 2 (HKLM-x32\...\iZotope RX 2_is1) (Version: 2.10 - iZotope, Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech MouseWare 9.79.1  (HKLM-x32\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
LyX 2.0.6 (HKLM-x32\...\LyX206) (Version: 2.0.6 - LyX Team)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (x32 Version: 2.0.271.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
MLBAM Stringer (HKLM-x32\...\{68AF9EAC-3C14-4190-9462-590D8B5E4CE5}) (Version: 8.0.5 - MLB Advanced Media)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Out of the Park Baseball 15 (HKLM-x32\...\Out of the Park Baseball15) (Version: 15 - Out of the Park Developments)
Pdf Editor (HKLM-x32\...\{729E66B3-1B80-4F3F-8D59-341A89633E0A}_is1) (Version:  - )
Pdf Editor (HKLM-x32\...\{739126B3-1B80-4F1F-8D59-312A19633E1A}_is1) (Version:  - )
PDF ePub DRM Removal (HKLM-x32\...\PDFePubRMRemoval) (Version: 1.4.1 - eBook Converter)
PDFlite 0.9.1.0 (HKLM-x32\...\PDFlite) (Version: 0.9.1.0 - Amnis Technology Ltd)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.200.200.0 - Tracker Software Products Ltd)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PreSonus Studio One 2 x64 (HKLM\...\PreSonus Studio One 2) (Version: 2.5.1.21166 - PreSonus Audio Electronics)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{19CA39E9-BBE4-4CD2-B3E9-0AC904030A09}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SharedMinds Desktop (HKLM-x32\...\SharedMinds Desktop_is1) (Version: 0.4.8 - Rainer Falle)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\Software Updater) (Version: 1.0.0.4 - Auto-Update.me)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.17.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
US122 Driver 3.40 (HKLM\...\US122 Driver_is1) (Version: 3.40 - Frontier Design Group, LLC)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wrestling MPire Remix (Management)  (HKLM-x32\...\Wrestling MPire Remix (Management)) (Version:  - MDickie)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fjc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\fjc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\fjc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2440430310-1066896749-2309528628-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\fjc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

18-09-2014 08:13:18 Malwarebytes Anti-Rootkit Restore Point
19-09-2014 19:52:36 avast! antivirus system restore point
22-09-2014 18:30:34 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-02-25 14:12 - 2014-09-22 14:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04190C12-5299-461F-9728-D3E7920C2EEC} - System32\Tasks\Installer_sm => C:\Users\fjc\AppData\Local\Installer\Installsm_41\DCgetfileg.ash <==== ATTENTION
Task: {091232AF-A85F-4388-A0B8-F9F24B6A624B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {13560599-6BEF-4577-A0B0-D58D58CF4C21} - System32\Tasks\HPCeeScheduleForfjc => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1EE2B392-A142-4806-BED2-E1390D40BD5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {27A46A97-AD31-444B-A48F-9E132BE21C64} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {4489D15B-462E-4809-920A-5221E2834FFE} - System32\Tasks\AdobeAAMUpdater-1.0-fjc-HP-fjc => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6167861D-4838-4242-A7D7-85F09A96C0C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6F241D79-5F93-4E11-B543-97136209F7B6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {71B3CC7B-B7E0-4C4A-9BF4-D8654160E29A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001Core => C:\Users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {86649163-03B4-4E75-B065-ECFBA3933714} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {B2906C70-36E0-4FBE-AEB2-D0999ED6ED70} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {BA6EF8B4-B1BE-4004-B9A3-B4162CA16566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {BE76CFDA-C0CC-4C2D-9BEE-0B9F6CD981AC} - System32\Tasks\Installer_shopperpro => C:\Users\fjc\AppData\Local\Installer\Installshopperpro_41\DCgetfileg.ash <==== ATTENTION
Task: {C1B48E37-0F7C-4D00-8707-E53379702FF4} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {C2F83583-47A3-4B3E-B306-88CE2385CB1C} - System32\Tasks\Installer_cr => C:\Users\fjc\AppData\Local\Installer\Installcr_41\DCgetfileg.ash <==== ATTENTION
Task: {CD248DFD-4BD5-4F18-A62B-F8B00C7C0BA4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {D6BF88C6-0751-4B43-859D-888A793170FB} - System32\Tasks\Driver Booster SkipUAC (fjc) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {D7F31C2C-B035-48AF-BC0D-6B53FF86B441} - \PastaQuotes No Task File <==== ATTENTION
Task: {DAE63B3F-9C89-42C6-BA21-8889926C6F8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001UA => C:\Users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {DB6B80BD-13D0-4A3A-B579-390F25B593F5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001Core.job => C:\Users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001UA.job => C:\Users\fjc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfjc.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-06 22:26 - 2013-08-26 07:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2009-09-17 19:40 - 2009-09-17 19:40 - 00075048 ____N () C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
2014-08-25 15:26 - 2011-05-05 15:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-08-25 15:26 - 2011-05-05 15:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-08-25 15:26 - 2011-05-05 15:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-08-25 15:26 - 2011-05-05 15:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-08-25 15:26 - 2011-05-05 15:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2011-08-09 10:44 - 2011-08-09 10:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-14 04:04 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 17:19 - 2012-02-21 16:41 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-12-26 17:57 - 2011-12-26 17:57 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2c3ee4339f14af1e4dfc45a8964dedfb\IsdiInterop.ni.dll
2011-12-26 17:57 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-19 00:59 - 2014-09-19 00:59 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 02:25:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 02:15:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/22/2014 01:43:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 01:04:17 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/19/2014 04:54:40 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/19/2014 03:44:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 03:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 01:41:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 00:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 00:58:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Faulting module name: HPMSGSVC.exe, version: 2.7.2.0, time stamp: 0x4f544ff4
Exception code: 0xc0000005
Fault offset: 0x0000399f
Faulting process id: 0x1264
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3


System errors:
=============
Error: (09/22/2014 05:13:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/22/2014 02:41:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/22/2014 02:35:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/22/2014 02:29:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LicCtrl Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2014 02:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2014 02:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/22/2014 02:24:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/22/2014 01:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3

Error: (09/22/2014 01:41:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/22/2014 01:37:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (12/27/2012 05:43:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 226 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/21/2012 01:54:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/19/2012 05:16:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 953 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (11/19/2012 05:00:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 429 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-19 15:56:54.693
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 15:56:54.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 15:56:54.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 15:56:54.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 15:03:28.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 15:03:28.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 48%
Total physical RAM: 4043.86 MB
Available physical RAM: 2068.56 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5827.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.8 GB) (Free:301.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.8 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6F916D90)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by fjc (administrator) on FJC-HP on 23-09-2014 13:00:05
Running from C:\Users\fjc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(CEntrance, Inc.) C:\Program Files\CEntrance\Universal Driver\udaudcp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Logitech Inc.) C:\Windows\LOGI_MWX.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Logitech Utility] => C:\Windows\LOGI_MWX.EXE [19968 2003-12-17] (Logitech Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2440430310-1066896749-2309528628-1001\...\Run: [PCShowServer] => C:\Users\fjc\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-04-02] (NDS Technologies)
HKU\S-1-5-21-2440430310-1066896749-2309528628-1001\...\Run: [udaudcp.exe] => C:\Program Files\CEntrance\Universal Driver\udaudcp.exe [258672 2012-06-26] (CEntrance, Inc.)
HKU\S-1-5-21-2440430310-1066896749-2309528628-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fjc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {88FE8E94-376F-4754-B9C6-4D2D23A00AC7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Software Products Ltd.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} ->  No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Software Products Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.2

FireFox:
========
FF ProfilePath: C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @nds.com/PCShowPlugin -> C:\Users\fjc\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\fjc\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\fjc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\fjc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\fjc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\fjc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\fjc\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\fjc\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\fjc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\fjc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\searchplugins\bing-avast.xml
FF Extension: HP Detect - C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-07-21]
FF Extension: Adblock Plus - C:\Users\fjc\AppData\Roaming\Mozilla\Firefox\Profiles\wo3a0xba.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-13]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-02-25]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-01-07]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-01-07]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> search.conduit.com_
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultNewTabURL: Default -> https://search.conduit.com/?gd=&ctid=CT3306061&octid=CT3306061&ISID=ISID_ID&SearchSource=15&CUI=UN17729431832378310&SSPV=&lay=3&p=cnts&UM=2&SAT=CNTS
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN17729431832378310&UM=2
CHR Profile: C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-01]
CHR Extension: (No Name) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-09-15]
CHR Extension: (Google Search) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-01]
CHR Extension: (Google Wallet) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\fjc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-01]
CHR StartMenuInternet: Google Chrome - C:\Users\fjc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2012-12-28] (Ellora Assets Corp.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
S2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-07-07] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CEUSBAudioSrv; C:\Windows\System32\drivers\ceusbaud.sys [161392 2012-06-26] (CEntrance, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-16] (DT Soft Ltd)
S4 LMIRfsClientNP; No ImagePath
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-17] (Windows (R) Win 7 DDK provider)
S3 US122; C:\Windows\System32\Drivers\US122x64.sys [200320 2007-08-29] (Frontier Design Group, LLC)
S3 US122DL; C:\Windows\System32\Drivers\US122DLx64.sys [20224 2007-08-29] (Frontier Design Group)
S3 US122WdmService; C:\Windows\System32\Drivers\US122Wdmx64.sys [62976 2007-08-29] (Frontier Design Group, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 13:00 - 2014-09-23 13:00 - 00024402 _____ () C:\Users\fjc\Desktop\FRST.txt
2014-09-23 13:00 - 2014-09-23 13:00 - 00000000 ____D () C:\FRST
2014-09-23 12:58 - 2014-09-23 12:58 - 02106368 _____ (Farbar) C:\Users\fjc\Desktop\FRST64.exe
2014-09-22 15:16 - 2014-09-22 15:16 - 00026214 _____ () C:\ComboFix.txt
2014-09-20 14:35 - 2014-09-20 14:35 - 00000251 _____ () C:\Users\fjc\Desktop\mud.txt
2014-09-19 14:51 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-19 14:51 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-19 14:51 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-19 14:51 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-19 14:51 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-19 14:51 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-19 14:51 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-19 14:51 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-19 14:48 - 2014-09-22 15:16 - 00000000 ____D () C:\Qoobox
2014-09-19 14:47 - 2014-09-22 14:21 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 14:42 - 2014-09-22 13:29 - 05579290 ____R (Swearware) C:\Users\fjc\Desktop\ComboFix.exe
2014-09-19 00:59 - 2014-09-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 13:40 - 2014-09-18 13:40 - 01805736 _____ (Symantec Corporation) C:\Users\fjc\Downloads\FixZeroAccess.exe
2014-09-18 13:40 - 2014-09-18 13:40 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-09-18 13:03 - 2014-09-18 13:03 - 00008662 _____ () C:\Users\fjc\Desktop\attach.txt
2014-09-18 13:01 - 2014-09-18 13:01 - 00688992 ____R (Swearware) C:\Users\fjc\Desktop\dds.com
2014-09-18 13:00 - 2014-09-18 13:00 - 00001150 _____ () C:\Users\fjc\Downloads\w7-wscsvc.zip
2014-09-18 04:53 - 2014-09-18 12:47 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-18 04:53 - 2014-09-18 04:53 - 02174848 _____ () C:\Users\fjc\Downloads\instsf450.exe
2014-09-18 04:53 - 2014-09-18 04:53 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-09-18 04:53 - 2014-09-18 04:53 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-18 04:53 - 2014-09-18 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-18 03:19 - 2014-09-18 03:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\fjc\Downloads\rkill.exe
2014-09-18 02:56 - 2014-09-18 03:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 02:55 - 2014-09-18 03:14 - 00000000 ____D () C:\Users\fjc\Desktop\mbar
2014-09-18 02:28 - 2014-09-18 02:28 - 00401920 _____ (Farbar) C:\Users\fjc\Downloads\MiniToolBox(1).exe
2014-09-18 02:26 - 2014-09-22 15:40 - 00000000 ____D () C:\Users\fjc\Desktop\Virus
2014-09-18 02:15 - 2014-09-18 02:15 - 00854417 _____ () C:\Users\fjc\Downloads\SecurityCheck.exe
2014-09-18 02:08 - 2014-09-18 02:08 - 02347384 _____ (ESET) C:\Users\fjc\Downloads\esetsmartinstaller_enu.exe
2014-09-18 02:08 - 2014-09-18 02:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 02:06 - 2014-09-18 02:06 - 00005122 _____ () C:\Users\fjc\Desktop\JRT.txt
2014-09-18 01:58 - 2014-09-18 01:58 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 01:57 - 2014-09-18 01:57 - 01016830 _____ (Thisisu) C:\Users\fjc\Downloads\JRT.exe
2014-09-17 15:52 - 2014-09-22 14:24 - 00000560 _____ () C:\Windows\setupact.log
2014-09-17 15:52 - 2014-09-22 13:42 - 00702158 _____ () C:\Windows\PFRO.log
2014-09-17 15:52 - 2014-09-17 15:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 15:49 - 2014-09-17 15:51 - 00000000 ____D () C:\AdwCleaner
2014-09-17 15:46 - 2014-09-17 15:46 - 01373475 _____ () C:\Users\fjc\Downloads\AdwCleaner.exe
2014-09-17 15:44 - 2014-09-17 15:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\fjc\Downloads\tdsskiller.exe
2014-09-17 15:43 - 2014-09-18 02:29 - 00037774 _____ () C:\Users\fjc\Downloads\Result.txt
2014-09-17 15:43 - 2014-09-17 15:43 - 00401920 _____ (Farbar) C:\Users\fjc\Downloads\MiniToolBox.exe
2014-09-17 14:01 - 2014-09-17 14:01 - 04901352 _____ (Piriform Ltd) C:\Users\fjc\Downloads\ccsetup417.exe
2014-09-17 13:53 - 2014-09-17 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-09-17 13:53 - 2014-09-17 13:53 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-09-17 13:52 - 2014-09-17 13:53 - 02270984 _____ (mIRC Co. Ltd.) C:\Users\fjc\Downloads\mirc736.exe
2014-09-17 13:29 - 2014-09-17 13:29 - 00000000 ____D () C:\NPE
2014-09-17 13:27 - 2014-09-17 13:49 - 00000000 ____D () C:\Users\fjc\AppData\Local\NPE
2014-09-17 13:27 - 2014-09-17 13:27 - 03060320 ____N (Symantec Corporation) C:\Users\fjc\Downloads\NPE.exe
2014-09-17 13:24 - 2014-09-17 13:24 - 02476596 _____ (Trend Micro Inc.) C:\Users\fjc\Downloads\HousecallLauncher64.exe
2014-09-17 13:24 - 2014-09-17 13:24 - 00000036 _____ () C:\Users\fjc\AppData\Local\housecall.guid.cache
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\MPC-HC
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\Program Files\MPC-HC
2014-09-16 00:49 - 2014-09-16 00:49 - 11775336 _____ (MPC-HC Team ) C:\Users\fjc\Downloads\MPC-HC.1.7.6.x64.exe
2014-09-16 00:26 - 2014-09-22 15:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 00:25 - 2014-09-18 02:55 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-16 00:25 - 2014-09-16 01:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-16 00:25 - 2014-09-16 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 00:25 - 2014-09-16 00:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\fjc\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 00:25 - 2014-09-16 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 00:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-16 00:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 17:59 - 2014-09-15 18:05 - 00000000 ____D () C:\Users\fjc\Downloads\HP.Season.01
2014-09-15 17:18 - 2014-09-15 17:18 - 00004314 _____ () C:\Windows\System32\Tasks\Installer_shopperpro
2014-09-15 17:18 - 2014-09-15 17:18 - 00004282 _____ () C:\Windows\System32\Tasks\Installer_sm
2014-09-15 17:18 - 2014-09-15 17:18 - 00004282 _____ () C:\Windows\System32\Tasks\Installer_cr
2014-09-15 17:18 - 2014-09-15 17:18 - 00003564 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-15 14:38 - 2014-09-15 14:38 - 00000000 ____D () C:\Users\fjc\AppData\Local\Plarium
2014-09-15 14:35 - 2014-09-15 14:35 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\fjc\Downloads\BlueStacks-SplitInstaller_native_b.exe
2014-09-15 14:26 - 2014-09-15 18:12 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-09-12 22:35 - 2014-09-12 22:35 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-12 22:02 - 2014-09-12 22:35 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-12 22:02 - 2014-09-12 22:35 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-12 21:43 - 2014-09-18 03:15 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 21:42 - 2014-09-12 21:42 - 00631208 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\fjc\Downloads\rufus-1.4.10.exe
2014-09-12 21:35 - 2014-09-12 21:35 - 02721168 _____ (Microsoft Corporation) C:\Users\fjc\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2014-09-12 02:33 - 2014-09-12 02:33 - 01943543 _____ () C:\Users\fjc\Downloads\NBA_2K14_Manual_PC.zip
2014-09-11 17:43 - 2014-09-11 17:44 - 00000000 ____D () C:\Users\fjc\Desktop\RT
2014-09-11 17:43 - 2014-09-11 17:43 - 00330853 _____ () C:\Users\fjc\Downloads\RealTemp_370.zip
2014-09-11 15:35 - 2014-09-15 01:52 - 00000000 ____D () C:\Users\fjc\Downloads\Windows 8.1 Update 1 Pro X64 PreActivated
2014-09-10 04:43 - 2014-09-10 04:43 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 13:38 - 2014-09-10 00:22 - 00000000 ____D () C:\Users\fjc\Desktop\New PC
2014-09-09 01:41 - 2014-09-10 01:09 - 00018289 _____ () C:\Users\fjc\Desktop\New PC.ods
2014-09-08 12:11 - 2014-09-08 12:11 - 00000018 _____ () C:\Users\fjc\Desktop\Hankster.txt
2014-09-05 15:46 - 2014-09-05 15:46 - 00000041 _____ () C:\Users\fjc\Desktop\alarm.txt
2014-09-04 02:27 - 2014-09-04 02:31 - 207512102 _____ () C:\Users\fjc\Downloads\MD4_Personal_1_4_53_8519_Installer_x64.exe
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\DropboxMaster
2014-08-31 01:42 - 2014-08-31 02:04 - 39427811 ____R () C:\Users\fjc\Downloads\IM00017617-01_Jayden6.zip
2014-08-31 01:18 - 2014-08-31 01:43 - 00000000 ____D () C:\Users\fjc\Downloads\Aiko 6 Pro Bundle
2014-08-31 00:25 - 2014-08-31 00:58 - 00000000 ____D () C:\Users\fjc\Downloads\DAZ3D - Poser - Lee Pro Bundle(19221) DIM G2M
2014-08-31 00:11 - 2014-08-31 00:11 - 00000000 ____D () C:\Users\fjc\Downloads\daz 16570 Shape Shift Bundle
2014-08-29 15:16 - 2014-08-29 15:16 - 00017325 _____ () C:\Users\fjc\Desktop\Computer.ods
2014-08-28 02:25 - 2014-08-28 02:25 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-08-28 02:25 - 2014-08-28 02:25 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-26 00:34 - 2014-08-26 01:11 - 00000000 ____D () C:\Users\fjc\Downloads\Michael 6 Pro Bundle
2014-08-25 15:50 - 2014-08-25 15:51 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library
2014-08-25 15:32 - 2014-08-25 15:32 - 00000000 ____D () C:\Users\Public\Documents\DAZ 3D
2014-08-25 15:27 - 2014-08-25 15:27 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-08-25 15:27 - 2014-08-25 15:27 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\ProgramData\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\Program Files\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\Program Files (x86)\DAZ 3D
2014-08-25 15:23 - 2014-08-25 15:24 - 55977640 _____ (DAZ 3D) C:\Users\fjc\Downloads\DAZ3DIM_1.1.0.27_Win32.exe
2014-08-25 15:07 - 2014-08-25 15:07 - 15511656 _____ (DAZ 3D) C:\Users\fjc\Downloads\DSON_Importer_for_Poser_1.1.3.50_Win64.exe
2014-08-25 15:06 - 2014-08-25 15:06 - 14163680 _____ (DAZ 3D) C:\Users\fjc\Downloads\DSON_Importer_for_Poser_1.1.3.50_Win32.exe
2014-08-24 14:20 - 2014-08-24 14:20 - 00000000 ____D () C:\Users\fjc\Downloads\M4 Elite Bundle

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 13:00 - 2014-09-23 13:00 - 00024402 _____ () C:\Users\fjc\Desktop\FRST.txt
2014-09-23 13:00 - 2014-09-23 13:00 - 00000000 ____D () C:\FRST
2014-09-23 12:58 - 2014-09-23 12:58 - 02106368 _____ (Farbar) C:\Users\fjc\Desktop\FRST64.exe
2014-09-23 12:43 - 2012-04-16 11:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 12:33 - 2012-02-20 00:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001UA.job
2014-09-23 12:33 - 2009-07-14 00:13 - 00791434 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 12:31 - 2012-02-19 14:13 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5C16717-52B4-4CEA-8140-E2D2D88B9914}
2014-09-23 12:30 - 2013-11-20 22:43 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-23 12:30 - 2011-12-26 17:54 - 01384794 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 02:00 - 2012-02-19 15:01 - 00000000 ____D () C:\Users\fjc\AppData\Local\Adobe
2014-09-23 00:44 - 2013-11-12 00:29 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForfjc
2014-09-23 00:44 - 2013-11-12 00:29 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForfjc.job
2014-09-22 15:40 - 2014-09-18 02:26 - 00000000 ____D () C:\Users\fjc\Desktop\Virus
2014-09-22 15:19 - 2014-09-16 00:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 15:16 - 2014-09-22 15:16 - 00026214 _____ () C:\ComboFix.txt
2014-09-22 15:16 - 2014-09-19 14:48 - 00000000 ____D () C:\Qoobox
2014-09-22 15:05 - 2014-05-05 18:54 - 00000000 ____D () C:\Users\fjc\Downloads\new
2014-09-22 14:41 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 14:33 - 2012-02-20 00:48 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2440430310-1066896749-2309528628-1001Core.job
2014-09-22 14:32 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:32 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 14:24 - 2014-09-17 15:52 - 00000560 _____ () C:\Windows\setupact.log
2014-09-22 14:24 - 2012-07-07 18:57 - 00001769 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-09-22 14:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 14:21 - 2014-09-19 14:47 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 14:21 - 2013-08-03 22:33 - 01197568 ___SH () C:\Users\fjc\Desktop\Thumbs.db
2014-09-22 13:42 - 2014-09-17 15:52 - 00702158 _____ () C:\Windows\PFRO.log
2014-09-22 13:32 - 2012-03-02 02:57 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\vlc
2014-09-22 13:29 - 2014-09-19 14:42 - 05579290 ____R (Swearware) C:\Users\fjc\Desktop\ComboFix.exe
2014-09-21 02:23 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\fjc\Desktop\FTC and Replays
2014-09-20 22:45 - 2012-02-09 06:42 - 00000000 ____D () C:\Users\fjc\Documents\Bills
2014-09-20 22:45 - 2012-02-09 06:38 - 00003442 _____ () C:\Users\fjc\Documents\NUMBERS.txt
2014-09-20 14:35 - 2014-09-20 14:35 - 00000251 _____ () C:\Users\fjc\Desktop\mud.txt
2014-09-19 16:34 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-09-19 15:05 - 2013-07-19 00:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 15:05 - 2012-05-03 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 15:04 - 2009-07-13 21:34 - 71041024 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-19 15:04 - 2009-07-13 21:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-19 15:04 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-19 15:04 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-19 15:04 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-19 00:59 - 2014-09-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 13:40 - 2014-09-18 13:40 - 01805736 _____ (Symantec Corporation) C:\Users\fjc\Downloads\FixZeroAccess.exe
2014-09-18 13:40 - 2014-09-18 13:40 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-09-18 13:03 - 2014-09-18 13:03 - 00008662 _____ () C:\Users\fjc\Desktop\attach.txt
2014-09-18 13:01 - 2014-09-18 13:01 - 00688992 ____R (Swearware) C:\Users\fjc\Desktop\dds.com
2014-09-18 13:00 - 2014-09-18 13:00 - 00001150 _____ () C:\Users\fjc\Downloads\w7-wscsvc.zip
2014-09-18 12:58 - 2012-03-08 23:09 - 00000000 ____D () C:\Users\fjc\AppData\Local\CrashDumps
2014-09-18 12:47 - 2014-09-18 04:53 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-18 04:53 - 2014-09-18 04:53 - 02174848 _____ () C:\Users\fjc\Downloads\instsf450.exe
2014-09-18 04:53 - 2014-09-18 04:53 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-09-18 04:53 - 2014-09-18 04:53 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-18 04:53 - 2014-09-18 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-18 03:19 - 2014-09-18 03:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\fjc\Downloads\rkill.exe
2014-09-18 03:15 - 2014-09-12 21:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-18 03:14 - 2014-09-18 02:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 03:14 - 2014-09-18 02:55 - 00000000 ____D () C:\Users\fjc\Desktop\mbar
2014-09-18 02:55 - 2014-09-16 00:25 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 02:29 - 2014-09-17 15:43 - 00037774 _____ () C:\Users\fjc\Downloads\Result.txt
2014-09-18 02:28 - 2014-09-18 02:28 - 00401920 _____ (Farbar) C:\Users\fjc\Downloads\MiniToolBox(1).exe
2014-09-18 02:15 - 2014-09-18 02:15 - 00854417 _____ () C:\Users\fjc\Downloads\SecurityCheck.exe
2014-09-18 02:08 - 2014-09-18 02:08 - 02347384 _____ (ESET) C:\Users\fjc\Downloads\esetsmartinstaller_enu.exe
2014-09-18 02:08 - 2014-09-18 02:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 02:06 - 2014-09-18 02:06 - 00005122 _____ () C:\Users\fjc\Desktop\JRT.txt
2014-09-18 01:58 - 2014-09-18 01:58 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 01:57 - 2014-09-18 01:57 - 01016830 _____ (Thisisu) C:\Users\fjc\Downloads\JRT.exe
2014-09-17 15:52 - 2014-09-17 15:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 15:51 - 2014-09-17 15:49 - 00000000 ____D () C:\AdwCleaner
2014-09-17 15:46 - 2014-09-17 15:46 - 01373475 _____ () C:\Users\fjc\Downloads\AdwCleaner.exe
2014-09-17 15:44 - 2014-09-17 15:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\fjc\Downloads\tdsskiller.exe
2014-09-17 15:43 - 2014-09-17 15:43 - 00401920 _____ (Farbar) C:\Users\fjc\Downloads\MiniToolBox.exe
2014-09-17 15:38 - 2012-02-26 00:15 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\mIRC
2014-09-17 14:08 - 2012-11-16 20:27 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\DAEMON Tools Pro
2014-09-17 14:08 - 2012-03-04 00:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-17 14:08 - 2012-02-23 00:42 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Media Player Classic
2014-09-17 14:07 - 2012-06-20 19:07 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 14:01 - 2014-09-17 14:01 - 04901352 _____ (Piriform Ltd) C:\Users\fjc\Downloads\ccsetup417.exe
2014-09-17 14:01 - 2013-03-03 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-17 14:01 - 2013-03-03 13:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-17 13:53 - 2014-09-17 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-09-17 13:53 - 2014-09-17 13:53 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-09-17 13:53 - 2014-09-17 13:52 - 02270984 _____ (mIRC Co. Ltd.) C:\Users\fjc\Downloads\mirc736.exe
2014-09-17 13:49 - 2014-09-17 13:27 - 00000000 ____D () C:\Users\fjc\AppData\Local\NPE
2014-09-17 13:29 - 2014-09-17 13:29 - 00000000 ____D () C:\NPE
2014-09-17 13:27 - 2014-09-17 13:27 - 03060320 ____N (Symantec Corporation) C:\Users\fjc\Downloads\NPE.exe
2014-09-17 13:27 - 2011-12-26 18:06 - 00000000 ____D () C:\ProgramData\Norton
2014-09-17 13:24 - 2014-09-17 13:24 - 02476596 _____ (Trend Micro Inc.) C:\Users\fjc\Downloads\HousecallLauncher64.exe
2014-09-17 13:24 - 2014-09-17 13:24 - 00000036 _____ () C:\Users\fjc\AppData\Local\housecall.guid.cache
2014-09-17 01:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-09-16 03:51 - 2012-02-09 06:39 - 00000000 ____D () C:\Users\fjc\Documents\Tutoring
2014-09-16 01:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-16 01:13 - 2014-09-16 00:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-16 01:12 - 2012-09-22 21:25 - 00000000 ____D () C:\Users\fjc\AppData\Local\CRE
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\MPC-HC
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-09-16 00:50 - 2014-09-16 00:50 - 00000000 ____D () C:\Program Files\MPC-HC
2014-09-16 00:49 - 2014-09-16 00:49 - 11775336 _____ (MPC-HC Team ) C:\Users\fjc\Downloads\MPC-HC.1.7.6.x64.exe
2014-09-16 00:26 - 2014-09-16 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 00:25 - 2014-09-16 00:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\fjc\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 00:25 - 2014-09-16 00:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 18:12 - 2014-09-15 14:26 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-09-15 18:05 - 2014-09-15 17:59 - 00000000 ____D () C:\Users\fjc\Downloads\HP.Season.01
2014-09-15 17:18 - 2014-09-15 17:18 - 00004314 _____ () C:\Windows\System32\Tasks\Installer_shopperpro
2014-09-15 17:18 - 2014-09-15 17:18 - 00004282 _____ () C:\Windows\System32\Tasks\Installer_sm
2014-09-15 17:18 - 2014-09-15 17:18 - 00004282 _____ () C:\Windows\System32\Tasks\Installer_cr
2014-09-15 17:18 - 2014-09-15 17:18 - 00003564 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-15 17:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-15 15:03 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-15 14:44 - 2012-09-18 01:03 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-15 14:38 - 2014-09-15 14:38 - 00000000 ____D () C:\Users\fjc\AppData\Local\Plarium
2014-09-15 14:35 - 2014-09-15 14:35 - 13141248 _____ (BlueStack Systems Inc.) C:\Users\fjc\Downloads\BlueStacks-SplitInstaller_native_b.exe
2014-09-15 14:32 - 2009-07-13 21:34 - 00000615 _____ () C:\Windows\win.ini
2014-09-15 01:52 - 2014-09-11 15:35 - 00000000 ____D () C:\Users\fjc\Downloads\Windows 8.1 Update 1 Pro X64 PreActivated
2014-09-12 22:35 - 2014-09-12 22:35 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-12 22:35 - 2014-09-12 22:02 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-12 22:35 - 2014-09-12 22:02 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-12 21:43 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-12 21:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-12 21:42 - 2014-09-12 21:42 - 00631208 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\fjc\Downloads\rufus-1.4.10.exe
2014-09-12 21:35 - 2014-09-12 21:35 - 02721168 _____ (Microsoft Corporation) C:\Users\fjc\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2014-09-12 02:33 - 2014-09-12 02:33 - 01943543 _____ () C:\Users\fjc\Downloads\NBA_2K14_Manual_PC.zip
2014-09-11 17:44 - 2014-09-11 17:43 - 00000000 ____D () C:\Users\fjc\Desktop\RT
2014-09-11 17:43 - 2014-09-11 17:43 - 00330853 _____ () C:\Users\fjc\Downloads\RealTemp_370.zip
2014-09-10 04:43 - 2014-09-10 04:43 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 04:43 - 2012-04-16 11:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 04:43 - 2012-04-16 11:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 04:43 - 2011-10-15 21:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 01:09 - 2014-09-09 01:41 - 00018289 _____ () C:\Users\fjc\Desktop\New PC.ods
2014-09-10 01:04 - 2012-02-20 15:08 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Audacity
2014-09-10 00:22 - 2014-09-09 13:38 - 00000000 ____D () C:\Users\fjc\Desktop\New PC
2014-09-08 12:11 - 2014-09-08 12:11 - 00000018 _____ () C:\Users\fjc\Desktop\Hankster.txt
2014-09-05 15:46 - 2014-09-05 15:46 - 00000041 _____ () C:\Users\fjc\Desktop\alarm.txt
2014-09-04 02:31 - 2014-09-04 02:27 - 207512102 _____ () C:\Users\fjc\Downloads\MD4_Personal_1_4_53_8519_Installer_x64.exe
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\DropboxMaster
2014-09-01 14:03 - 2012-07-20 04:54 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Dropbox
2014-08-29 15:16 - 2014-08-29 15:16 - 00017325 _____ () C:\Users\fjc\Desktop\Computer.ods
2014-08-29 14:02 - 2014-06-09 15:52 - 00022069 _____ () C:\Users\fjc\Desktop\Astros Stringer_FTC Schedule.ods
2014-08-28 02:25 - 2014-08-28 02:25 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-08-28 02:25 - 2014-08-28 02:25 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-25 15:51 - 2014-08-25 15:50 - 00000000 ____D () C:\Users\Public\Documents\My DAZ 3D Library
2014-08-25 15:32 - 2014-08-25 15:32 - 00000000 ____D () C:\Users\Public\Documents\DAZ 3D
2014-08-25 15:27 - 2014-08-25 15:27 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-08-25 15:27 - 2014-08-25 15:27 - 00000000 ____D () C:\Users\fjc\AppData\Roaming\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\ProgramData\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\Program Files\DAZ 3D
2014-08-25 15:26 - 2014-08-25 15:26 - 00000000 ____D () C:\Program Files (x86)\DAZ 3D
2014-08-25 15:24 - 2014-08-25 15:23 - 55977640 _____ (DAZ 3D) C:\Users\fjc\Downloads\DAZ3DIM_1.1.0.27_Win32.exe
2014-08-25 15:07 - 2014-08-25 15:07 - 15511656 _____ (DAZ 3D) C:\Users\fjc\Downloads\DSON_Importer_for_Poser_1.1.3.50_Win64.exe
2014-08-25 15:06 - 2014-08-25 15:06 - 14163680 _____ (DAZ 3D) C:\Users\fjc\Downloads\DSON_Importer_for_Poser_1.1.3.50_Win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 16:52

==================== End Of Log ============================

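The FRST log above does two things a practitioner would want to repeat by hand: it verifies the Authenticode signatures of the system binaries that Bamital-class and the 64-bit ZeroAccess variants patched in place (services.exe, volsnap.sys, explorer.exe and the others under "Bamital & volsnap Check"), and it lists four scheduled tasks (Installer_shopperpro, Installer_sm, Installer_cr, YTDownloaderUpd) created at 2014-09-15 17:18, minutes after the BlueStacks and snipsmart installs. The script below is an added example, not part of the thread or of FRST; it assumes an elevated PowerShell prompt on the affected Windows 7 x64 machine, and takes the file paths and task names from the log above.

```powershell
# Added example (not from the FRST log or the forum thread). Re-checks the files
# FRST listed under "Bamital & volsnap Check" and shows what the scheduled tasks
# created alongside the BlueStacks install actually run. Run as Administrator.

$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

"== Authenticode status of critical system binaries =="
foreach ($path in $critical) {
    if (-not (Test-Path $path)) { "{0,-55} MISSING" -f $path; continue }
    $sig = Get-AuthenticodeSignature -FilePath $path
    # 'Valid' means the embedded or catalog signature chains to a trusted root.
    # NotSigned or HashMismatch on any of these files is the same signal FRST
    # reports as "File is not signed" and is worth a closer look: a patched
    # services.exe or volsnap.sys is how these rootkits persisted on Win7 x64.
    "{0,-55} {1,-14} {2}" -f $path, $sig.Status, $sig.SignerCertificate.Subject
}

# Task names taken from the FRST log above (all created 2014-09-15 17:18).
$suspectTasks = 'Installer_shopperpro', 'Installer_sm', 'Installer_cr', 'YTDownloaderUpd'
$taskDir = "$env:SystemRoot\System32\Tasks"

"`n== Actions of the scheduled tasks created with the adware =="
foreach ($name in $suspectTasks) {
    $file = Join-Path $taskDir $name
    if (-not (Test-Path $file)) { "{0,-22} (already removed)" -f $name; continue }
    # Task files are plain XML; PowerShell's XML navigation ignores the namespace,
    # so the Exec action is reachable as Task.Actions.Exec.
    $task = [xml](Get-Content $file)
    "{0,-22} registered {1}" -f $name, $task.Task.RegistrationInfo.Date
    foreach ($exec in $task.Task.Actions.Exec) {
        "{0,-22} runs: {1} {2}" -f '', $exec.Command, $exec.Arguments
    }
}
```

The signature check is read-only. For the tasks, the Command value tells you which dropped executable each one re-launches; once the helper has confirmed they are unwanted, `schtasks /Delete /TN <name> /F` removes a task, but in this thread that is what the pending FRST fixlist is for, so do not run it ahead of the helper.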

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 24 September 2014 - 06:08 AM

Combofix removed some malicious files, but they definitely have nothing to do with the issues you're describing.

Let's see if your hard disk is damaged:

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the Enter key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".



Within the opening window, write the following:

sfc /scannow
(Note the blank space within.)


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
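Both results the post asks for can be collected from the command line instead of clicking through Event Viewer. The script below is an added example, not part of TB-Psychotic's instructions; it assumes an elevated PowerShell prompt on the Windows 7 machine after the reboot that performed the disk check. It pulls the chkdsk transcript from the Wininit 1001 event the post describes, and it also reads the per-file results that sfc /scannow writes to CBS.log under the [SR] tag, which is where SFC records what it checked and repaired.

```powershell
# Added example (not from the forum post). Collects the chkdsk transcript and the
# SFC per-file results without the Event Viewer GUI. Run as Administrator.

# 1. A scheduled chkdsk writes its transcript as Wininit event 1001 in the
#    Application log. -MaxEvents 1 returns the newest one.
$evt = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($evt) {
    "chkdsk ran at {0}" -f $evt.TimeCreated
    # Keep only the lines that decide the question "is the disk damaged?":
    # bad sectors, bad file records, and whether corrections were made.
    $evt.Message -split "`r?`n" |
        Where-Object { $_ -match 'bad sectors|corrections|bad file records|Windows has (checked|finished)' } |
        ForEach-Object { "  $_" }
} else {
    "no Wininit 1001 event found; the disk check did not run or the log was cleared"
}

# 2. sfc /scannow prints only a summary on screen. Its per-file work is logged
#    to CBS.log with an [SR] tag; filter those lines out of the (large) log.
$cbs = "$env:SystemRoot\Logs\CBS\CBS.log"
$sr  = Select-String -Path $cbs -Pattern '\[SR\]' -ErrorAction SilentlyContinue
if ($sr) {
    "SFC recorded {0} [SR] lines; most recent summary lines:" -f $sr.Count
    $sr | Where-Object { $_.Line -match 'Verify complete|Repairing|Cannot repair' } |
         Select-Object -Last 5 |
         ForEach-Object { "  " + $_.Line.Substring($_.Line.IndexOf('[SR]')) }
} else {
    "no [SR] entries in $cbs; sfc /scannow has not been run on this installation"
}
```

In this thread the event log shows "0 KB in bad sectors" and "0 bad file records" with only bitmap corrections, and SFC reported no integrity violations, so neither a failing disk nor tampered system files explains the fan and the slowdown; that is the point the helper is establishing before moving on.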

#9 fcabanski

fcabanski
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:39 PM

Posted 24 September 2014 - 01:23 PM

No integrity violations found.

 

Here is the log from the disk check:

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          9/24/2014 12:55:56 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      fjc-HP
Description:


Checking file system on C:
The type of the file system is NTFS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
  706816 file records processed.                                         

File verification completed.
  497 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  75 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 3)...
  770788 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 3)...
  706816 file SDs/SIDs processed.                                        

Cleaning up 2163 unused index entries from index $SII of file 0x9.
Cleaning up 2163 unused index entries from index $SDH of file 0x9.
Cleaning up 2163 unused security descriptors.
Security descriptor verification completed.
  31987 data files processed.                                           

CHKDSK is verifying Usn Journal...
  35349808 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 462213119 KB total disk space.
 145674600 KB in 654739 files.
    295120 KB in 31988 indexes.
         0 KB in bad sectors.
    824455 KB in use by the system.
     65536 KB occupied by the log file.
 315418944 KB available on disk.

      4096 bytes in each allocation unit.
 115553279 total allocation units on disk.
  78854736 allocation units available on disk.

Internal Info:
00 c9 0a 00 93 7a 0a 00 03 3c 13 00 00 00 00 00  .....z...<......
71 60 00 00 4b 00 00 00 00 00 00 00 00 00 00 00  q`..K...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-09-24T17:55:56.000000000Z" />
    <EventRecordID>70110</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>fjc-HP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
[chkdsk output identical to the Description above]
</Data>
  </EventData>
</Event>


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 25 September 2014 - 06:18 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other malware support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



#11 fcabanski

fcabanski
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:39 PM

Posted 25 September 2014 - 01:24 PM

I purchased this computer used and do not know of any cracked programs or copyrighted content on it.   I don't know what the previous owner installed.  The problems didn't begin until the Bluestacks install.  It is not cracked software.  It is a free android emulator for PC:  http://www.bluestacks.com/ .

 

If you can no longer help me, I understand.  Thank you for your help.

 

I will remove/uninstall any software that doesn't belong on this system or any software that is causing problems. 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:39 AM

Posted 26 September 2014 - 05:51 AM

We'll remove the potentially cracked file with the next fix.

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the folder where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.


If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Edited by TB-Psychotic, 26 September 2014 - 05:52 AM.


#13 fcabanski (Topic Starter)

Posted 26 September 2014 - 01:14 PM

Malwarebytes found no threats.  Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by fjc at 2014-09-26 12:32:06 Run:1
Running from C:\Users\fjc\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {DB6B80BD-13D0-4A3A-B579-390F25B593F5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {D7F31C2C-B035-48AF-BC0D-6B53FF86B441} - \PastaQuotes No Task File <==== ATTENTION
Task: {BE76CFDA-C0CC-4C2D-9BEE-0B9F6CD981AC} - System32\Tasks\Installer_shopperpro => C:\Users\fjc\AppData\Local\Installer\Installshopperpro_41\DCgetfileg.ash <==== ATTENTION
Task: {C1B48E37-0F7C-4D00-8707-E53379702FF4} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {C2F83583-47A3-4B3E-B306-88CE2385CB1C} - System32\Tasks\Installer_cr => C:\Users\fjc\AppData\Local\Installer\Installcr_41\DCgetfileg.ash <==== ATTENTION
Task: {27A46A97-AD31-444B-A48F-9E132BE21C64} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {04190C12-5299-461F-9728-D3E7920C2EEC} - System32\Tasks\Installer_sm => C:\Users\fjc\AppData\Local\Installer\Installsm_41\DCgetfileg.ash <==== ATTENTION
CHR DefaultSearchKeyword: Default -> search.conduit.com_
CHR DefaultSearchProvider: Default -> Conduit
CHR DefaultNewTabURL: Default -> https://search.conduit.com/?gd=&ctid=CT3306061&octid=CT3306061&ISID=ISID_ID&SearchSource=15&CUI=UN17729431832378310&SSPV=&lay=3&p=cnts&UM=2&SAT=CNTS

C:\Users\fjc\Downloads\Windows 8.1 Update 1 Pro X64 PreActivated
C:\PROGRA~1\COMMON~1\System
C:\Users\fjc\AppData\Local\Installer\Installshopperpro_41
C:\Program Files (x86)\YTDownloader
C:\Users\fjc\AppData\Local\Installer\Installcr_41
C:\Users\fjc\AppData\Local\Installer\Installsm_41

EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB6B80BD-13D0-4A3A-B579-390F25B593F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6B80BD-13D0-4A3A-B579-390F25B593F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7F31C2C-B035-48AF-BC0D-6B53FF86B441}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7F31C2C-B035-48AF-BC0D-6B53FF86B441}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE76CFDA-C0CC-4C2D-9BEE-0B9F6CD981AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE76CFDA-C0CC-4C2D-9BEE-0B9F6CD981AC}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_shopperpro => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_shopperpro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1B48E37-0F7C-4D00-8707-E53379702FF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1B48E37-0F7C-4D00-8707-E53379702FF4}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2F83583-47A3-4B3E-B306-88CE2385CB1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2F83583-47A3-4B3E-B306-88CE2385CB1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_cr => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27A46A97-AD31-444B-A48F-9E132BE21C64}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A46A97-AD31-444B-A48F-9E132BE21C64}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04190C12-5299-461F-9728-D3E7920C2EEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04190C12-5299-461F-9728-D3E7920C2EEC}" => Key deleted successfully.
C:\Windows\System32\Tasks\Installer_sm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sm" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Conduit ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultNewTabURL: Default -> https://search.conduit.com/?gd=&ctid=CT3306061&octid=CT3306061&ISID=ISID_ID&SearchSource=15&CUI=UN17729431832378310&SSPV=&lay=3&p=cnts&UM=2&SAT=CNTS => Error: No automatic fix found for this entry.
"C:\Users\fjc\Downloads\Windows 8.1 Update 1 Pro X64 PreActivated" => Moved successfully.
C:\PROGRA~1\COMMON~1\System => Moved successfully.
C:\Users\fjc\AppData\Local\Installer\Installshopperpro_41 => Moved successfully.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
C:\Users\fjc\AppData\Local\Installer\Installcr_41 => Moved successfully.
C:\Users\fjc\AppData\Local\Installer\Installsm_41 => Moved successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/26/2014
Scan Time: 12:46:10 PM
Logfile: latestmal.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: fjc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 441686
Time Elapsed: 17 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by fcabanski, 26 September 2014 - 01:16 PM.
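Added example (the editor's, not code from FRST, Farbar, Malwarebytes or anyone in this thread): the seven Task: lines in the fixlist delivered in #12 and echoed in the Fixlog above are the kind of scheduled-task persistence an analyst otherwise triages by eye when reading FRST output. The script below parses that line format and applies a handful of heuristics for the patterns visible in exactly these entries: a TaskCache registration with no task XML behind it ("No Task File"), an action living in a user-writable profile folder, a non-executable file type such as .ash being launched, an 8.3 short name (PROGRA~1) in the command line, rundll32 loading a DLL from outside System32/SysWOW64, and a third-party action registered under the Microsoft\Windows task folder. The sample input is copied from the fixlist posted above; the heuristic names, the EXECUTABLE_EXTS list, the regexes and the TaskFinding type are this example's own assumptions, not FRST's logic.

```python
"""Triage FRST 'Task:' lines for scheduled-task persistence red flags.

Added example, not FRST's own code. The sample lines below are copied from
the fixlist posted in this thread; the heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: the seven Task: lines from the fixlist above (copied, not constructed).
# "<==== ATTENTION" is FRST's own marker for entries it considers suspicious.
SAMPLE_FIXLIST = r"""
Task: {DB6B80BD-13D0-4A3A-B579-390F25B593F5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {D7F31C2C-B035-48AF-BC0D-6B53FF86B441} - \PastaQuotes No Task File <==== ATTENTION
Task: {BE76CFDA-C0CC-4C2D-9BEE-0B9F6CD981AC} - System32\Tasks\Installer_shopperpro => C:\Users\fjc\AppData\Local\Installer\Installshopperpro_41\DCgetfileg.ash <==== ATTENTION
Task: {C1B48E37-0F7C-4D00-8707-E53379702FF4} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {C2F83583-47A3-4B3E-B306-88CE2385CB1C} - System32\Tasks\Installer_cr => C:\Users\fjc\AppData\Local\Installer\Installcr_41\DCgetfileg.ash <==== ATTENTION
Task: {27A46A97-AD31-444B-A48F-9E132BE21C64} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {04190C12-5299-461F-9728-D3E7920C2EEC} - System32\Tasks\Installer_sm => C:\Users\fjc\AppData\Local\Installer\Installsm_41\DCgetfileg.ash <==== ATTENTION
"""

# Line format as FRST prints it: Task: {GUID} - <path> [=> <action>] [<==== ATTENTION]
TASK_LINE = re.compile(
    r"^Task:\s*\{(?P<guid>[0-9A-F-]{36})\}\s*-\s*(?P<path>.+?)"
    r"(?:\s*=>\s*(?P<action>.+?))?"
    r"(?:\s*<====\s*ATTENTION)?\s*$",
    re.IGNORECASE,
)
# The command ends at the first file extension; handles unquoted paths with spaces.
CMD_RE = re.compile(r"^(?P<cmd>.+?\.(?P<ext>[A-Za-z0-9]{1,4}))(?=\s|,|$)")
DLL_RE = re.compile(r'^"?(?P<dll>.+?\.dll)', re.IGNORECASE)

# Heuristic tables (assumptions of this example, not FRST's rules).
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "vbs", "js", "wsf", "ps1", "msi", "dll", "scr"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
SYSTEM_DIRS = re.compile(r"\\Windows\\(System32|SysWOW64)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"\\Windows\\|%windir%|%SystemRoot%", re.IGNORECASE)
MS_TASK_FOLDER = re.compile(r"\\Microsoft\\Windows\\", re.IGNORECASE)
SHORT_NAME = re.compile(r"~\d+\\")  # 8.3 short names such as PROGRA~1\


@dataclass
class TaskFinding:
    guid: str
    task_path: str            # task path as FRST prints it (relative to System32\Tasks)
    action: Optional[str]     # command line, None for orphaned registrations
    frst_attention: bool      # FRST's own "<==== ATTENTION" marker
    flags: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskFinding]:
    """Parse one FRST Task: line; returns None for lines in any other format."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    orphan = path.endswith("No Task File")
    if orphan:
        path = path[: -len("No Task File")].strip()
    finding = TaskFinding(m.group("guid").upper(), path, m.group("action"), "<====" in line)
    if orphan:
        finding.flags.append("orphaned registration (TaskCache entry without task XML)")
    return finding


def split_command(action: str) -> Tuple[str, str, str]:
    """Return (command, extension, arguments) for a task action string."""
    action = action.strip()
    m = CMD_RE.match(action)
    if not m:
        return action, "", ""
    return m.group("cmd"), m.group("ext").lower(), action[m.end():].strip()


def apply_heuristics(f: TaskFinding) -> TaskFinding:
    """Attach persistence red flags to a parsed task; orphans are already flagged."""
    if f.action is None:
        return f
    cmd, ext, args = split_command(f.action)
    if ext and ext not in EXECUTABLE_EXTS:
        f.flags.append(f"non-executable file type '.{ext}' used as task action")
    if USER_WRITABLE.search(f.action):
        f.flags.append("action located in a user-writable profile directory")
    if SHORT_NAME.search(f.action):
        f.flags.append("8.3 short name in command line (e.g. PROGRA~1)")
    if cmd.lower().endswith("rundll32.exe"):
        dll = DLL_RE.match(args)
        if dll and not SYSTEM_DIRS.search(dll.group("dll")):
            f.flags.append("rundll32 loading a DLL from outside System32/SysWOW64")
    if MS_TASK_FOLDER.search(f.task_path) and not WINDOWS_DIR.search(f.action):
        f.flags.append("third-party action registered under the Microsoft\\Windows task folder")
    return f


def triage(text: str) -> List[TaskFinding]:
    """Parse every Task: line in an FRST fixlist/Addition excerpt and flag it."""
    return [apply_heuristics(f) for f in map(parse_task_line, text.splitlines()) if f]


def report(findings: List[TaskFinding]) -> str:
    out = []
    for f in findings:
        mark = "!" if (f.flags or f.frst_attention) else " "
        out.append(f"{mark} {f.guid} {f.task_path}")
        out.extend(f"      - {flag}" for flag in f.flags)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_FIXLIST)))
```

Run as a script it prints one line per task with the flags that fired. YTDownloaderUpd trips none of these rules even though FRST marked it: a plain .exe under Program Files looks like any other updater, and what identifies that one is the product name, which is why FRST's ATTENTION marker is carried through in the output instead of being replaced by the heuristics. The Fixlog above shows the other half of the picture: each task removal touches the TaskCache\Tree, \Tasks and \Logon (or \Plain) keys plus the XML under System32\Tasks, so a task that survives with only some of those pieces present is the "No Task File" case the first heuristic looks for.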


#14 TB-Psychotic (Malware Response Team)

Posted 29 September 2014 - 04:33 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#15 fcabanski (Topic Starter)

Posted 29 September 2014 - 01:25 PM

I use Firefox. The installer for ESET will not complete the component download: "Can not get update. Is proxy configured?"

I tried to perform the ESET scan in IE, but that browser says there is a connection problem.
