Multiple PUP's found by Malwarebytes but problems persist


  • This topic is locked
16 replies to this topic

#1 rocks911

  • Members
  • 35 posts
  • OFFLINE
  • Local time: 03:40 AM

Posted 22 November 2014 - 05:16 PM

I have a W7 64-bit machine. I run Malwarebytes pro, Microsoft Security Essentials and Superantispyware on my machine and have had zero problems for years now; however, I seem to have picked up something nasty.

I ran Malwarebytes 2.03.1025 premium and it found and quarantined multiple PUP entries: PUP.Optional.SaveSense.A, PUP.Optional.BonanzaDeals.A, PUP.Optional.BrowserSafeguard

There were many entries of the SaveSense but only 1 entry of the others.

I deleted these from quarantine.

My PC is still acting strangely. I can't start my VPN service as the menu of connection sites doesn't appear any more. Also, security programs (Superantispyware) are either not able to run at all or are acting strangely.

Below are my logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by D's at 15:45:03 on 2014-11-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16376.13122 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\D's\AppData\Local\Temp\ocrCFBC.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\D's\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1339597769964
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{5A3D453F-73C8-486A-AA9C-35682E0854B9} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{A1384C42-BF5E-4E22-80E6-C0B689313F8F}\759474D443 : DHCPNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{A699191F-EA1B-47C3-9A28-FBB1356E6756} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: &ClipMate ClipBar v7.5: {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\qu1epezo.default-1416434576790\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\qu1epezo.default-1416434576790\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-5-18 275024]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-13 137312]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-5-20 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-5-20 146528]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-23 45856]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-11-18 20160]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-12-2 390352]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-12-3 1465016]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-5-20 3459024]
R2 AlternateMceIrService;AlternateMceIrService;C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [2011-11-7 36352]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-13 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-13 131072]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-8 2464400]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-6-15 202080]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe [2014-11-22 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe [2014-11-22 968504]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-6 1119768]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-2-19 1142768]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-3 239176]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-2-28 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-2-28 271728]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-5-20 367200]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-7 231440]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-12 44624]
R3 gttap1;GoTrusted Adapter;C:\Windows\System32\drivers\gttap1.sys [2013-9-12 38184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-22 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-22 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 1874016]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-10 243712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-24 838216]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-7 58536]
R3 vl810filter;VL810 Filter Driver;C:\Windows\System32\drivers\vl810filter.sys [2012-11-26 17008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-20 359936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-2 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-2 13280]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-22 21:14:51    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3501540C-5A83-7116-02FF-4D3650B6A538}\GapaEngine.dll
2014-11-22 21:12:02    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4C99889A-D3D9-4C30-90C6-860B07916433}\mpengine.dll
2014-11-22 19:36:30    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-11-22 19:36:30    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-11-22 14:24:09    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-22 14:23:51    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-22 13:51:11    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{843B51A0-0125-498E-82E2-0BD79119D016}\gapaengine.dll
2014-11-20 22:19:06    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-19 18:38:46    --------    d-----w-    C:\Program Files (x86)\ESET
2014-11-19 09:18:39    --------    d-----w-    C:\ProgramData\PDFC
2014-11-18 23:12:40    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-18 23:12:40    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-18 23:12:39    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-18 23:12:35    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-18 20:28:28    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-18 20:26:48    --------    d-sh--w-    C:\Users\D's\AppData\Local\EmieBrowserModeList
2014-11-18 18:54:41    --------    d-----w-    C:\Users\D's\AppData\Local\Macromedia
2014-11-18 14:26:56    --------    d-----w-    C:\ProgramData\GlarySoft
2014-11-18 13:09:23    20160    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-11-18 13:09:22    --------    d-----w-    C:\Users\D's\AppData\Roaming\GlarySoft
2014-11-18 13:08:54    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-11-15 15:10:16    --------    d-----w-    C:\Program Files\Nightly
2014-11-12 13:31:42    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-11-12 13:31:41    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-11-12 13:31:41    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-11-12 13:31:41    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 13:31:40    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-11-12 13:31:40    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-11-12 13:31:40    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-11-12 13:31:40    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-11-12 13:31:37    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-11-12 13:25:27    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-11-12 13:25:26    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-11-12 13:25:25    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-11-12 13:25:24    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-11-12 13:25:23    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-11-12 13:25:23    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-11-12 13:25:22    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-11-12 13:25:22    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-11-12 13:25:21    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-11-12 13:25:21    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-11-12 13:25:20    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-11-12 13:25:20    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-11-12 13:24:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-11-12 13:24:59    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-11-12 13:19:52    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-11-12 13:19:45    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-12 13:19:43    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-12 13:19:24    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-12 13:19:23    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M  ====================
.
2014-11-16 14:13:40    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-16 14:13:40    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-10-30 11:25:26    275080    ----a-w-    C:\Windows\System32\MpSigStub.exe
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-01 17:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 17:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2013-08-19 13:22:47    15604224    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-08-19 13:22:37    916992    ----a-w-    C:\Program Files (x86)\LPToolbar_x64.dll
2013-08-19 13:22:37    612864    ----a-w-    C:\Program Files (x86)\LPToolbar.dll
2013-08-19 13:22:37    180736    ----a-w-    C:\Program Files (x86)\WinBioStandalone.exe
2013-08-19 13:22:37    1425408    ----a-w-    C:\Program Files (x86)\LPIEHome64.ocx
2013-08-19 13:22:37    11877888    ----a-w-    C:\Program Files (x86)\LPPlugin_x64.dll
2013-08-19 13:22:37    1068544    ----a-w-    C:\Program Files (x86)\LPIEHome.ocx
2013-08-19 13:22:36    6484992    ----a-w-    C:\Program Files (x86)\LPPlugin.dll
.
============= FINISH: 15:45:55.72 ===============
 

 


 


#2 rocks911


Posted 24 November 2014 - 11:50 AM

Hello? Is this thing on?



#3 rocks911


Posted 25 November 2014 - 05:35 AM

Disregard this post. I resurrected my PC with an older copy.

Thanks nonetheless.



#4 rocks911


Posted 26 November 2014 - 10:57 AM

Oops, spoke too soon.

Still need help figuring out what is going on with my PC, please.

I re-installed a mirror copy I made 3 months ago (I thought it was a clean copy) and it worked just fine for a day and then problems started again. My DVD drives disappeared and I'm also having trouble with my Firefox browser.

 

My original post indicated that multiple PUP's were found, and indeed they were, but they were found within the AdwCleaner quarantine area. I just went through this again after I restored to yesterday's configuration, and as soon as Malwarebytes started finding the PUP's again (again within AdwCleaner) the PC started acting up...losing my optical drive and other bizarre behaviors.

 

Help! Please

 

I will post the requested logs when I hear from y'all.


Edited by rocks911, 26 November 2014 - 11:03 AM.


#5 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,699 posts
  • OFFLINE
  • Gender: Male
  • Local time: 05:40 AM

Posted 27 November 2014 - 05:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557258 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 rocks911

rocks911
  • Topic Starter

  • Members

Posted 28 November 2014 - 09:49 AM

My W7 64 bit machine is acting strangely. Over the past few days, through my continued effort to eradicate whatever is causing my problems, a few different things have happened. To begin with, I was getting pop-up messages when I would close Firefox (the messages were for Russian brides among others) and the program Malwarebytes would not function correctly; I had to do a clean install of Malwarebytes. Other programs also were not working correctly, for example I completely lost my DVD drive: it didn't show in the directory and would not respond when a DVD was inserted. After using several programs to clean the machine (Spybot, Kaspersky and others) things seem to have gotten better, but still when using Firefox I would get pop-ups (for Alibaba of all things; certainly a more legit site, not a Russian bride site for sure, but still not a behavior I want). I have changed browsers to Chrome as a result.

 

My original Windows CD/DVD is not available.

 

DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17420
Run by D's at 8:46:21 on 2014-11-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16376.8783 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Users\D's\AppData\Local\Temp\ocrDD5.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Users\D's\AppData\Local\Temp\ocr27EA.tmp\bin\rubyw.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyServer = localhost:21320
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.3\GoTrusted Secure Tunnel.exe
StartupFolder: C:\Users\D's\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UNIVER~1.LNK - C:\Program Files (x86)\Universal Media Server\UMS.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1339597769964
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{5A3D453F-73C8-486A-AA9C-35682E0854B9} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{A1384C42-BF5E-4E22-80E6-C0B689313F8F}\759474D443 : DHCPNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{A699191F-EA1B-47C3-9A28-FBB1356E6756} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: &ClipMate ClipBar v7.5: {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-11-25 10:16; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-5-18 275024]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-13 137312]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-5-20 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-5-20 146528]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-23 45856]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-17 93400]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-12-2 390352]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-12-3 1465016]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-26 815392]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-5-20 3459024]
R2 AlternateMceIrService;AlternateMceIrService;C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [2011-11-7 36352]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-13 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-13 131072]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-8 2464400]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-6-15 202080]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe [2014-11-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe [2014-11-24 968504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-6 1119768]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-2-19 1142768]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-5-3 239176]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-11-27 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-11-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-11-27 171928]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-5-20 367200]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-7 231440]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-12 44624]
R3 gttap1;GoTrusted Adapter;C:\Windows\System32\drivers\gttap1.sys [2013-9-12 38184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-24 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 1874016]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-10 243712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-24 838216]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-7 58536]
R3 vl810filter;VL810 Filter Driver;C:\Windows\System32\drivers\vl810filter.sys [2012-11-26 17008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-26 2630432]
S2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-20 359936]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-26 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-2 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-2 13280]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-27 23:49:27 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-27 23:47:40 -------- d-----w- C:\ProgramData\UMS
2014-11-27 23:46:57 -------- d-----w- C:\Program Files (x86)\Universal Media Server
2014-11-27 22:51:02 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{140ED9B8-3008-444E-9E6A-8113AD4A67C6}\mpengine.dll
2014-11-27 20:27:38 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-11-27 20:27:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-27 20:27:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-27 20:01:57 -------- d-----w- C:\Program Files\Serviio
2014-11-26 21:56:11 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-26 20:28:32 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-26 20:28:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-26 20:22:12 -------- d-----w- C:\Users\D's\AppData\Roaming\ProductData
2014-11-26 19:49:58 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-26 19:48:58 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-11-26 19:45:27 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-11-26 19:44:24 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-26 19:44:23 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-26 19:43:46 3221504 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-26 19:43:45 3722240 ----a-w- C:\Windows\System32\mstscax.dll
2014-11-26 19:43:44 1118720 ----a-w- C:\Windows\System32\mstsc.exe
2014-11-26 19:43:44 1051136 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-11-26 19:43:43 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-11-26 19:43:43 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-11-26 19:43:43 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-11-26 19:43:43 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-11-26 19:43:43 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-11-26 19:43:43 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-11-26 19:43:36 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-11-26 19:43:24 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-26 19:42:24 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-26 19:42:24 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-26 16:12:22 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-11-26 16:12:22 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-11-26 13:36:22 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-11-26 13:36:16 -------- d-----w- C:\Program Files (x86)\Reason
2014-11-26 13:30:10 -------- d-----w- C:\Program Files\AMD
2014-11-25 17:42:59 -------- d-----w- C:\ProgramData\Oracle
2014-11-25 03:44:44 -------- d-----w- C:\ProgramData\ProductData
2014-11-25 03:44:35 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-25 03:44:32 -------- d-----w- C:\ProgramData\IObit
2014-11-25 03:44:32 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2014-11-25 03:44:16 -------- d-----w- C:\Program Files (x86)\IObit
2014-11-25 03:44:14 -------- d-----w- C:\Users\D's\AppData\Roaming\IObit
2014-11-25 02:07:54 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77FBE771-3061-455B-92FC-F7FC0AEF2D9E}\gapaengine.dll
2014-11-25 01:02:13 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-25 00:59:34 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
.
==================== Find3M  ====================
.
2014-11-26 16:13:44 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-26 16:13:43 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 17:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 17:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2013-08-19 13:22:47 15604224 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-08-19 13:22:37 916992 ----a-w- C:\Program Files (x86)\LPToolbar_x64.dll
2013-08-19 13:22:37 612864 ----a-w- C:\Program Files (x86)\LPToolbar.dll
2013-08-19 13:22:37 180736 ----a-w- C:\Program Files (x86)\WinBioStandalone.exe
2013-08-19 13:22:37 1425408 ----a-w- C:\Program Files (x86)\LPIEHome64.ocx
2013-08-19 13:22:37 11877888 ----a-w- C:\Program Files (x86)\LPPlugin_x64.dll
2013-08-19 13:22:37 1068544 ----a-w- C:\Program Files (x86)\LPIEHome.ocx
2013-08-19 13:22:36 6484992 ----a-w- C:\Program Files (x86)\LPPlugin.dll
.
============= FINISH:  8:46:57.52 ===============
 
Thank you in advance...


#7 nasdaq

  • Malware Response Team

Posted 29 November 2014 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#8 rocks911

  • Topic Starter

Posted 30 November 2014 - 11:32 AM

Thanks for the reply.

AdwCleaner log:

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 10:03:33
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : D's - ROCKS911
# Running from : C:\Users\D's\Desktop\D's\Security\AdwCleaner\adwcleaner_4.102.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Booster Scan
Task Found : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Pale Moon v
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R19].txt - [878 octets] - [30/11/2014 10:03:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R19].txt - [938 octets] ##########
 
I was afraid to delete the key ...HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
 
 
farbar FIRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by D's (administrator) on ROCKS911 on 30-11-2014 10:08:01
Running from C:\Users\D's\Desktop\Bleeping computer
Loaded Profile: D's (Available profiles: D's & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(LSoft Technologies Inc) C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(http://www.ruby-lang.org/) C:\Users\D's\AppData\Local\Temp\ocr55CC.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(http://www.ruby-lang.org/) C:\Users\D's\AppData\Local\Temp\ocr9C6D.tmp\bin\rubyw.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-24] (SUPERAntiSpyware)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [GoTrusted] => C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.3\GoTrusted Secure Tunnel.exe [216224 2014-05-06] (GoTrusted.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
Startup: C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1956317476-2017758912-4027474406-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1956317476-2017758912-4027474406-1001] => localhost:21320
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> DefaultScope {3FFCB352-10BD-4198-903D-1C3E61DBEF24} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> {3FFCB352-10BD-4198-903D-1C3E61DBEF24} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &ClipMate ClipBar v7.5 - {F60C63CE-52AF-4915-AAC9-F100FCDE270F} - C:\Program Files (x86)\ClipMate7\ClipMateDeskBand.dll (Thornsoft Development, Inc)
Toolbar: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
FireFox:
========
FF ProfilePath: C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "http://clientconfig.immunicity.org/pacs/all.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\searchplugins\firefox-add-ons.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\iobitascsurfingprotection@iobit.com [2014-11-26]
FF Extension: YesScript - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\yesscript@userstyles.org.xpi [2014-02-19]
FF Extension: Multi Smart Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{5a70bdd5-7fb1-44eb-8193-5dd6ad27038f}.xpi [2014-01-17]
FF Extension: Context Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2014-01-16]
FF Extension: Selected Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{a3b1e8b3-ba2c-4280-9768-198db1817b5d}.xpi [2014-01-17]
FF Extension: Adblock Plus - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-16]
FF Extension: Adblock Edge - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-16]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (Adblock Plus) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-28]
CHR Extension: (IP Address) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckgdoapjnjcjngggefgbkjmhgjoghcog [2014-11-28]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)
R2 Active@ Disk Monitor; C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [1465016 2011-06-16] (LSoft Technologies Inc)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AlternateMceIrService; C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [36352 2011-03-27] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-02-19] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2010-09-20] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-11-30] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
S3 x10nets; C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe [20480 2003-12-21] (X10) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-09-23] (AVG Technologies)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-02] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-02] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-02] (Paragon)
R3 vl810filter; C:\Windows\System32\DRIVERS\vl810filter.sys [17008 2011-02-16] (VIA Labs, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 10:07 - 2014-11-30 10:08 - 00000000 ____D () C:\FRST
2014-11-30 10:03 - 2014-11-30 10:04 - 00000000 ___SH () C:\DkHyperbootSync
2014-11-30 09:54 - 2014-11-30 09:54 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-30 09:54 - 2014-11-30 09:54 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-30 09:54 - 2014-11-30 09:54 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-30 09:54 - 2014-11-30 09:54 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-30 09:54 - 2014-11-30 09:54 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 02472136 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-11-30 09:53 - 2014-11-30 09:53 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-11-30 09:53 - 2014-11-30 09:53 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-11-30 09:51 - 2014-11-30 09:51 - 00003210 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-11-30 09:51 - 2014-11-30 09:51 - 00003154 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-11-30 09:31 - 2014-11-30 09:47 - 00004936 _____ () C:\Windows\PFRO.log
2014-11-30 09:27 - 2014-11-30 09:27 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-30 09:27 - 2014-11-30 09:27 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-30 09:27 - 2014-11-30 09:27 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00759301 _____ () C:\Windows\system32\amdicdxx.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00734861 _____ () C:\Windows\system32\atiicdxx.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-30 09:27 - 2014-11-30 09:27 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-30 09:27 - 2014-11-30 09:27 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00322868 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00321200 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00290080 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00272600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00234164 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00232752 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00158928 _____ () C:\Windows\system32\ativce03.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00157224 _____ () C:\Windows\system32\amde31a.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-30 09:26 - 2014-11-30 09:26 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-11-30 09:26 - 2014-11-30 09:26 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-11-30 09:25 - 2014-11-30 09:25 - 00293720 _____ (Advanced Micro Devices, Inc) C:\Windows\system32\Drivers\ahcix64s.sys
2014-11-30 09:21 - 2014-11-30 10:00 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (D's)
2014-11-30 09:21 - 2014-11-30 09:56 - 00002146 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-11-30 09:21 - 2014-11-30 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-11-30 09:17 - 2014-11-30 09:17 - 02117632 _____ (Farbar) C:\Users\D's\Downloads\FRST64 (1).exe
2014-11-30 08:58 - 2014-11-30 10:08 - 00000000 ____D () C:\Users\D's\Desktop\Bleeping computer
2014-11-30 08:58 - 2014-11-30 08:58 - 02117632 _____ (Farbar) C:\Users\D's\Downloads\FRST64.exe
2014-11-30 08:50 - 2014-11-30 09:59 - 00001214 _____ () C:\Windows\setupact.log
2014-11-30 08:50 - 2014-11-30 08:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-29 08:28 - 2014-11-29 08:28 - 00000000 ____D () C:\Users\D's\Downloads\The.Boxtrolls.2014.720p.WEBRiP.X264.STUDiO.AUDiO.AC3-Blackjesus
2014-11-29 08:27 - 2014-11-29 08:28 - 00000000 ____D () C:\Users\D's\Downloads\Annie.2014.DVDSCR.X264.AC3-Blackjesus
2014-11-28 18:37 - 2014-11-28 18:37 - 00688992 _____ (Swearware) C:\Users\D's\Downloads\dds (4).com
2014-11-28 17:52 - 2014-11-28 17:53 - 00000000 ____D () C:\Users\D's\Downloads\Still.Alice.2014.DVDSCR.X264.AC3-Blackjesus
2014-11-28 17:51 - 2014-11-28 17:52 - 00000000 ____D () C:\Users\D's\Downloads\To.Write.Love.On.Her.Arms.2015.DVDSCR.x264.AC3.SiMPLE
2014-11-28 17:48 - 2014-11-28 17:49 - 00000000 ____D () C:\Users\D's\Downloads\Blazing Saddles (1974) [1080p]
2014-11-28 17:46 - 2014-11-28 17:46 - 00688992 _____ (Swearware) C:\Users\D's\Downloads\dds (3).com
2014-11-28 14:36 - 2014-11-28 14:36 - 00688992 _____ (Swearware) C:\Users\D's\Downloads\dds (2).com
2014-11-28 13:26 - 2014-11-28 13:26 - 00688992 _____ (Swearware) C:\Users\D's\Downloads\dds (1).com
2014-11-28 09:03 - 2014-11-28 09:03 - 00002299 _____ () C:\Users\D's\Desktop\Chrome App Launcher.lnk
2014-11-28 09:03 - 2014-11-28 09:03 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-28 08:56 - 2014-11-28 08:57 - 00000000 ____D () C:\Users\D's\Downloads\Fury.2014.DVDscr.XViD.AC3-juggs[ETRG]
2014-11-28 08:46 - 2014-11-28 08:46 - 00688992 ____R (Swearware) C:\Users\D's\Downloads\dds.com
2014-11-27 17:49 - 2014-11-27 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-27 17:49 - 2014-11-27 17:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-27 17:47 - 2014-11-30 09:59 - 00000000 ____D () C:\ProgramData\UMS
2014-11-27 17:47 - 2014-11-27 17:47 - 00001928 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Media Server.lnk
2014-11-27 17:47 - 2014-11-27 17:47 - 00001020 _____ () C:\Users\Public\Desktop\Universal Media Server.lnk
2014-11-27 17:47 - 2014-11-27 17:47 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth
2014-11-27 17:47 - 2014-11-27 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Media Server
2014-11-27 17:47 - 2014-11-27 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth
2014-11-27 17:46 - 2014-11-27 17:47 - 00000000 ____D () C:\Program Files (x86)\Universal Media Server
2014-11-27 17:43 - 2014-11-27 17:44 - 47506222 _____ () C:\Users\D's\Downloads\UMS-4.2.2-Java7.exe
2014-11-27 17:29 - 2014-11-27 17:29 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-27 17:12 - 2014-01-22 11:08 - 00039260 _____ () C:\Windows\system32\Drivers\etc\hosts.20141127-171213.backup
2014-11-27 15:51 - 2014-11-27 15:51 - 48436736 _____ () C:\Users\D's\Downloads\googlechromestandaloneenterprise64.msi
2014-11-27 14:28 - 2014-11-27 14:28 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-27 14:27 - 2014-11-27 16:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-27 14:27 - 2014-11-27 14:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-27 14:27 - 2014-11-27 14:27 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-27 14:27 - 2014-11-27 14:27 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-27 14:27 - 2014-11-27 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-27 14:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-27 14:19 - 2014-11-27 14:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\D's\Downloads\spybot-2.4.exe
2014-11-27 14:02 - 2014-11-27 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2014-11-27 14:01 - 2014-11-27 14:02 - 00000000 ____D () C:\Program Files\Serviio
2014-11-27 14:00 - 2014-11-27 14:01 - 28313048 _____ () C:\Users\D's\Downloads\serviio-1.4.1.2-win-setup(1).exe
2014-11-27 10:11 - 2014-11-27 10:11 - 00000000 ____D () C:\Users\D's\Downloads\The.Polar.Express.2004.1080p.HDDVD.x264.anoXmous
2014-11-26 14:28 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-26 14:28 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-26 14:22 - 2014-11-26 14:22 - 00000000 ____D () C:\Users\D's\AppData\Roaming\ProductData
2014-11-26 14:21 - 2014-11-26 14:21 - 00003162 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2014-11-26 14:21 - 2014-11-26 14:21 - 00002882 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_D's
2014-11-26 14:21 - 2014-11-26 14:21 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-26 14:20 - 2014-11-26 15:54 - 00002181 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-11-26 14:20 - 2014-11-26 14:20 - 00002850 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_D's
2014-11-26 14:20 - 2014-11-26 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-11-26 14:19 - 2014-11-26 14:19 - 43183800 _____ (IObit ) C:\Users\D's\Downloads\advanced-systemcare-setup.exe
2014-11-26 13:50 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-26 13:50 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-26 13:50 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-26 13:50 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-26 13:50 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-26 13:50 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-26 13:50 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-26 13:50 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-26 13:50 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-26 13:50 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-26 13:50 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-26 13:50 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-26 13:50 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-26 13:50 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-26 13:50 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-26 13:50 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-26 13:50 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-26 13:50 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-26 13:50 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-26 13:50 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-26 13:50 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-26 13:50 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-26 13:50 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-26 13:50 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-26 13:50 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-26 13:50 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-26 13:50 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-26 13:50 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-26 13:50 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-26 13:50 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-26 13:50 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-26 13:50 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-26 13:50 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-26 13:50 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-26 13:50 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-26 13:50 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-26 13:50 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 13:50 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-26 13:50 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-26 13:50 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-26 13:50 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-26 13:50 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-26 13:50 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-26 13:50 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-26 13:50 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-26 13:50 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-26 13:50 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-26 13:50 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-26 13:50 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-26 13:50 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-26 13:50 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-26 13:50 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-26 13:50 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-26 13:50 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-26 13:50 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-26 13:50 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-26 13:49 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 13:49 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-26 13:49 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-26 13:49 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-26 13:49 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-26 13:49 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-26 13:49 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-26 13:49 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-26 13:49 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-26 13:49 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-26 13:49 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-26 13:49 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-26 13:49 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-26 13:49 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-26 13:49 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-26 13:48 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-26 13:48 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-26 13:48 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-26 13:48 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-26 13:48 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-26 13:48 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-26 13:48 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-26 13:48 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-26 13:48 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-26 13:45 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-26 13:45 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-26 13:44 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-26 13:44 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-26 13:43 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-26 13:43 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-26 13:43 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-26 13:43 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-26 13:43 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-26 13:43 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-26 13:43 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-26 13:43 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-26 13:43 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-26 13:43 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-26 13:43 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-26 13:43 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-26 13:42 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-26 13:42 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-26 10:14 - 2014-11-26 10:14 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-11-26 10:14 - 2014-11-26 10:13 - 00001073 _____ () C:\Users\D's\Desktop\Kaspersky Security Scan.lnk
2014-11-26 10:12 - 2014-11-26 10:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-26 10:12 - 2014-11-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-11-26 10:09 - 2014-11-26 10:10 - 00362880 _____ (Kaspersky Lab) C:\Users\D's\Downloads\setup.exe
2014-11-26 09:52 - 2014-11-26 09:52 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-26 09:07 - 2014-11-26 09:07 - 00000765 _____ () C:\Users\D's\.pia_manager_crash.log
2014-11-26 07:51 - 2014-11-26 07:53 - 00000000 ____D () C:\Users\D's\Downloads\Mean.Streets.1973.720p.BluRay.x264-BestHD[et]
2014-11-26 07:46 - 2014-11-26 07:47 - 00000000 ____D () C:\Users\D's\Downloads\Being There (1979) [1080p]
2014-11-26 07:36 - 2014-11-26 07:36 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-26 07:36 - 2014-11-26 07:36 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-11-26 07:30 - 2014-11-26 07:30 - 00000000 ____D () C:\Program Files\AMD
2014-11-26 07:24 - 2014-11-26 07:24 - 00000000 ____D () C:\Users\D's\Downloads\Bad Lieutenant (1992) [1080p]
2014-11-26 07:23 - 2014-11-26 07:24 - 00000000 ____D () C:\Users\D's\Downloads\Johnny Got His Gun (1971) [1080p]
2014-11-25 21:19 - 2014-11-25 21:19 - 00000000 ____D () C:\Users\D's\Downloads\The.Guest.2014.HDRip.XviD.MP3-RARBG
2014-11-25 21:17 - 2014-11-25 21:17 - 00000000 ____D () C:\Users\D's\Downloads\Housebound (2014) [1080p]
2014-11-25 21:14 - 2014-11-25 22:43 - 1556353077 _____ () C:\Users\D's\Downloads\Magic.In.The.Moonlight.2014.DVDRip.XviD.AC3-UT.avi
2014-11-25 15:31 - 2014-11-25 15:31 - 00000000 ____D () C:\Users\D's\Downloads\Hercules (2014) [1080p]
2014-11-25 15:30 - 2014-11-25 17:09 - 00000000 ____D () C:\Users\D's\Downloads\Guardians of the Galaxy (2014) [1080p]
2014-11-25 15:29 - 2014-11-25 15:29 - 00000000 ____D () C:\Users\D's\Downloads\Teenage Mutant Ninja Turtles (2014)
2014-11-25 15:27 - 2014-11-25 15:27 - 00000000 ____D () C:\Users\D's\Downloads\22 Jump Street (2014)
2014-11-25 11:58 - 2014-11-26 08:56 - 00000000 ____D () C:\Users\D's\Downloads\Batman 8 Movies Collection 1966-2012 BluRay 720p x264 aac jbr
2014-11-25 11:53 - 2014-11-25 11:53 - 00000000 ____D () C:\Users\D's\Downloads\Lucy (2014) [1080p]
2014-11-25 11:42 - 2014-11-25 11:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 04:42 - 2014-11-26 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-11-24 21:44 - 2014-11-30 09:21 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-24 21:44 - 2014-11-30 09:21 - 00000000 ____D () C:\ProgramData\IObit
2014-11-24 21:44 - 2014-11-26 14:21 - 00000000 ____D () C:\Users\D's\AppData\Roaming\IObit
2014-11-24 21:44 - 2014-11-25 09:31 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-24 21:44 - 2014-11-24 21:44 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-24 21:44 - 2014-11-24 21:44 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-24 20:20 - 2014-11-28 20:20 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForD's
2014-11-24 20:20 - 2014-11-28 20:20 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForD's.job
2014-11-24 19:02 - 2014-11-30 09:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 18:59 - 2014-11-26 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 18:59 - 2014-11-24 19:03 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 18:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 10:06 - 2013-02-12 07:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 10:06 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 10:06 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 10:05 - 2013-09-09 19:58 - 00000000 ____D () C:\AdwCleaner
2014-11-30 10:03 - 2012-02-17 15:03 - 00000436 ____H () C:\Windows\Tasks\Windows Driver Foundation.job
2014-11-30 10:03 - 2011-06-06 13:15 - 02048877 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 10:00 - 2011-09-29 15:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-30 09:59 - 2013-02-12 07:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 09:59 - 2012-12-04 17:42 - 00000493 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-30 09:59 - 2012-09-03 07:59 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-30 09:59 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 09:56 - 2009-07-13 23:13 - 00859876 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 09:55 - 2013-05-03 13:10 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-30 09:53 - 2011-06-06 13:07 - 00027293 _____ () C:\Windows\system32\RaCoInst.log
2014-11-30 09:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-11-30 09:27 - 2012-09-27 19:39 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-30 09:27 - 2012-09-27 19:38 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-30 09:27 - 2012-09-27 19:11 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-30 09:27 - 2012-06-11 10:27 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-30 09:26 - 2011-06-06 14:04 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-11-30 09:13 - 2013-10-27 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 09:10 - 2011-09-29 18:29 - 00000000 ____D () C:\Users\D's\Desktop\D's
2014-11-30 08:57 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-30 08:50 - 2014-06-10 15:53 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6c16f6f2-5bed-4257-a652-0bfa0c6e2c33.job
2014-11-29 11:55 - 2011-09-29 15:13 - 00000000 ____D () C:\Users\D's\AppData\Roaming\vlc
2014-11-29 09:11 - 2012-06-09 15:54 - 00000000 ____D () C:\Users\D's\AppData\Roaming\tixati
2014-11-29 09:04 - 2011-12-23 14:09 - 00000000 ____D () C:\Users\Guest
2014-11-28 15:49 - 2011-11-04 14:46 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-28 15:49 - 2011-10-01 01:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-27 17:48 - 2011-09-29 15:07 - 00000000 ____D () C:\Program Files\Java
2014-11-27 17:47 - 2011-11-22 13:57 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-11-27 10:23 - 2011-09-29 13:52 - 00000000 ____D () C:\Users\D's\AppData\Local\CrashDumps
2014-11-26 21:23 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-26 15:54 - 2013-02-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-11-26 15:54 - 2013-01-27 15:31 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueScreenView
2014-11-26 15:54 - 2013-01-16 14:00 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Vso
2014-11-26 15:54 - 2012-11-14 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avi2Dvd
2014-11-26 15:54 - 2012-06-19 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-26 15:54 - 2012-05-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-26 15:54 - 2011-12-07 13:20 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
2014-11-26 15:54 - 2011-12-05 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-11-26 15:54 - 2011-11-22 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-11-26 15:54 - 2011-09-29 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2014-11-26 15:54 - 2011-06-06 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-11-26 15:54 - 2011-06-06 13:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-11-26 15:54 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-26 14:16 - 2011-10-05 20:03 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-11-26 14:15 - 2011-09-29 11:47 - 00116448 _____ () C:\Users\D's\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-26 14:14 - 2009-07-13 22:45 - 00426384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-26 14:07 - 2011-09-29 13:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-26 14:00 - 2013-07-17 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-26 13:31 - 2012-12-13 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 12:23 - 2012-07-19 10:48 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-26 12:23 - 2011-11-04 08:20 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-26 11:32 - 2014-08-14 10:35 - 00001881 _____ () C:\Users\D's\Desktop\Process Hacker 2.lnk
2014-11-26 10:13 - 2013-10-27 19:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 10:13 - 2013-08-25 11:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 10:13 - 2013-08-25 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:07 - 2013-08-20 12:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-26 10:00 - 2011-06-06 13:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-26 09:52 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-26 09:52 - 2012-12-13 20:26 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-26 09:41 - 2011-10-24 15:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-26 09:39 - 2014-02-03 15:11 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-11-26 09:07 - 2011-09-29 11:41 - 00000000 ____D () C:\Users\D's
2014-11-26 09:00 - 2013-05-06 17:04 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-26 08:58 - 2014-01-19 08:13 - 00000000 ____D () C:\Program Files\Nightly
2014-11-26 08:57 - 2013-05-03 13:10 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-11-26 08:57 - 2011-11-16 10:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-26 08:57 - 2011-10-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-26 08:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2014-11-26 08:56 - 2014-09-11 19:05 - 00000000 ____D () C:\Users\D's\Downloads\The.Giver.2014.REPACK.HDRip.XviD-SaM[ETRG]
2014-11-26 08:56 - 2014-09-10 09:04 - 00000000 ____D () C:\Users\D's\Downloads\Live.Nude.Girls.2014.HDRip.XviD.AC3-EVO
2014-11-26 08:56 - 2014-08-14 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-11-26 08:56 - 2014-08-14 10:35 - 00000000 ____D () C:\Program Files\Process Hacker 2
2014-11-26 08:56 - 2014-01-22 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 08:56 - 2014-01-20 07:36 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-11-26 08:56 - 2014-01-03 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-11-26 08:56 - 2013-09-24 14:39 - 00000000 ____D () C:\ProgramData\Screentime
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\uninstall
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\res
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\modules
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\distribution
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\defaults
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\chrome
2014-11-26 08:56 - 2013-03-23 11:28 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoTrusted
2014-11-26 08:56 - 2013-02-05 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
2014-11-26 08:56 - 2012-10-20 07:04 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Foxit Software
2014-11-26 08:56 - 2012-04-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-26 08:56 - 2012-01-30 16:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-26 08:56 - 2012-01-12 07:55 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-11-26 08:56 - 2011-12-13 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-11-26 08:56 - 2011-12-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
2014-11-26 08:56 - 2011-12-06 18:26 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks
2014-11-26 08:56 - 2011-09-29 16:46 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Wise Registry Cleaner
2014-11-26 08:56 - 2011-09-29 13:45 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-11-26 08:56 - 2011-06-06 13:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-26 08:56 - 2011-06-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-11-26 08:56 - 2011-06-06 13:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-26 08:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-26 08:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-26 08:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-26 08:52 - 2014-02-03 15:10 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-11-26 08:52 - 2011-10-05 20:12 - 00000000 ____D () C:\ProgramData\SlySoft
2014-11-26 08:51 - 2012-02-17 12:10 - 00000000 ____D () C:\Program Files (x86)\GoTrusted.com
2014-11-26 08:51 - 2011-12-13 11:40 - 00000000 ____D () C:\ProgramData\Acronis
2014-11-26 08:31 - 2013-02-23 11:41 - 00001059 _____ () C:\Users\D's\AppData\Roaming\vso_ts_preview.xml
2014-11-26 07:58 - 2014-08-17 18:42 - 00000000 ____D () C:\Users\D's\Documents\ConvertXToDVD
2014-11-25 05:05 - 2014-08-15 02:30 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Process Hacker 2
2014-11-24 22:00 - 2011-09-29 13:55 - 00000000 ____D () C:\Users\D's\Documents\PcSetup
2014-11-24 21:44 - 2012-02-02 08:17 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Apple Computer
2014-11-24 19:52 - 2012-01-16 20:50 - 00000067 _____ () C:\rescuepe.log
2014-11-24 19:03 - 2011-10-02 08:53 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-11-24 19:01 - 2013-02-12 07:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-24 19:01 - 2013-02-12 07:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-24 19:00 - 2011-09-29 16:24 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Malwarebytes
2014-11-24 18:59 - 2011-10-02 08:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-24 18:59 - 2011-09-29 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 18:56 - 2013-01-24 17:37 - 00000426 _____ () C:\.dir
2014-10-31 23:26 - 2011-09-30 05:48 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat
 
 
Some content of TEMP:
====================
C:\Users\D's\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 09:21
 
==================== End Of Log ============================
 
There was no option to clean/repair/delete, the farbar scan was apparently informational only.
I attached the addition log 
 
The PC is running decently, except my optical drives are completely missing when I look in Computer. There have not been any pop-ups (at least in Chrome there are none as I switched from Firefox thinking that the browser had been hijacked). 
 
Awaiting further instructions....and thanks
 
 




#9 rocks911

Posted 30 November 2014 - 12:38 PM

Disregard the optical drive issue, I inadvertently erased a driver. The optical drives work fine now.

Still looking for bizarre behavior... a couple of programs that were giving me trouble are working fine now (for example Serviio a DLNA desktop app which I could not get to start is behaving as it should now) so things are going my way now....

Awaiting further input.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:40 AM

Posted 30 November 2014 - 02:08 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (Google Wallet) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
C:\Users\D's\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:39413AC3
AlternateDataStreams: C:\ProgramData\Temp:B0D4D817

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#11 rocks911

Posted 30 November 2014 - 07:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
Ran by D's at 2014-11-30 18:13:53 Run:1
Running from C:\Users\D's\Desktop\Bleeping computer
Loaded Profile: D's (Available profiles: D's & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (Google Wallet) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
S3 AnyDVD; System32\Drivers\AnyDVD.sys [X]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [X]
C:\Users\D's\AppData\Local\Temp\i4jdel0.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:39413AC3
AlternateDataStreams: C:\ProgramData\Temp:B0D4D817
 
End
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
AnyDVD => Service deleted successfully.
ElbyCDIO => Service deleted successfully.
C:\Users\D's\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":39413AC3" ADS removed successfully.
C:\ProgramData\Temp => ":B0D4D817" ADS removed successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Wise Registry Cleaner 8.21  
 Java version 32-bit out of Date! 
 Adobe Flash Player 15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox (33.1.1) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
The computer seems to be performing better, mostly it seems a lot faster. 


#12 nasdaq

Posted 01 December 2014 - 09:14 AM

Remove old versions of Java.

Please download JavaRa

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

If all is well I do not need to see the log of what was removed.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 rocks911

Posted 03 December 2014 - 03:36 PM

Thanks for the help, and sorry for the delay but I've been away.

I did as you instructed with JavaRa and it said it could not find the Javara.def file. Not sure what that was about.

 

I also downloaded the most current version of Firefox because I prefer that browser but have been using Chrome because the genesis of all my problems seemed to be associated with Firefox. I have had zero problems since your help and thought I would get Firefox up and running. As soon as I DL'd it I got a warning from Malwarebytes about a detected item: PUP.Optional.OutBrowse in my download folder. I didn't even install Firefox, just downloaded it and got this warning.

 

Is this a false positive? Can I just not use Firefox?



#14 nasdaq

Posted 04 December 2014 - 09:39 AM

Thanks for the help, and sorry for the delay but I've been away.
I did as you instructed with JavaRa and it said it could not find the Javara.def file. Not sure what that was about.


That request was just for a cleanup of remnant items in the registry.
Forget about it.

===

Did you download Firefox from this site?
https://www.mozilla.org/en-US/firefox/new/

If not, delete your downloaded version and try this one.

If you run the installer make sure you reject any 3rd party software that may also be installed.

Keep me posted.
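
A check that fits the advice above about where the installer came from, as an added example that is not part of the original post: a PowerShell function that reports an installer's Authenticode status and publisher, its Mark-of-the-Web stream, and its SHA-256 before the file is run. The default signer name and the sample file name are assumptions, not values from the thread.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+ (Get-FileHash).
# Assumptions: the expected signer name and the sample path are illustrative.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $ExpectedSigner = 'Mozilla Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # 1. Authenticode: is the file signed, does the signature validate, and by whom?
    #    A wrapper installer can carry a valid signature of its own, so the
    #    publisher name is checked as well as the status.
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $pattern  = '(^|,\s*)CN="?' + [regex]::Escape($ExpectedSigner) + '"?(,|$)'
    $signerOk = $subject -match $pattern

    # 2. Mark-of-the-Web: the Zone.Identifier alternate data stream written by the
    #    browser. Newer Windows builds also record HostUrl/ReferrerUrl; older ones
    #    store only ZoneId, so every field is treated as optional.
    $motw = @{}
    $ads  = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
            $motw[$Matches[1]] = $Matches[2]
        }
    }

    # 3. SHA-256, for comparison against the checksum the vendor publishes.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $verdict = if ($sig.Status -ne 'Valid') {
        "Do not run: signature status is $($sig.Status)"
    } elseif (-not $signerOk) {
        'Do not run: validly signed, but by an unexpected publisher'
    } else {
        'Signature valid and publisher matches'
    }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $subject
        SignerMatches   = $signerOk
        ZoneId          = $motw['ZoneId']
        HostUrl         = $motw['HostUrl']
        ReferrerUrl     = $motw['ReferrerUrl']
        SHA256          = $sha256
        Verdict         = $verdict
    }
}

# Example call (hypothetical file name):
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\Firefox Setup.exe" | Format-List
```

A `HostUrl` or `ReferrerUrl` pointing anywhere other than the vendor's own domain is the quickest sign that the file came from a third-party download page.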

#15 rocks911

Posted 04 December 2014 - 10:16 AM

Thanks for the reply. I thought I had downloaded from a legit Firefox site, but apparently not.

I swear that I'm not an idiot, the scammers out there are just getting too good I think.

 

I think all is good, and I appreciate the help. Do you accept Paypal donations?





