Multiple computer issues, Win Explorer stops responding

This is a discussion on Multiple computer issues, Win Explorer stops responding within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 06-03-2014, 09:48 PM   #1
Registered Member
 
Join Date: Jun 2014
Posts: 8
OS: Windows 7 SP1



I'm having numerous issues on my computer, all of them starting a couple weeks ago. The problems include: random shut downs, missing desktop icons, applications hang when starting, unable to stop processes using task manager (and sometimes unable to even start task manager), unable to shut down computer (hangs at "shutting down" message), unable to install Windows updates, Windows Explorer frequently stops responding, corrupt emails, and general slowness.

For the past few days it was so bad that I could only start the computer in safe mode. I ran TDSSKiller, RKill and Malwarebytes yesterday which seems to have helped (I can now start the computer normally). In fact for a while I thought it had solved the problems... but I'm still having intermittent issues. I'm hoping you can help me figure out if this is virus/malware related.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Choco at 17:52:18 on 2014-06-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8189.5101 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\vVX6000.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Choco\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wusa.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE
f:\6e75d82b51bc7a4065cf09a75e78be\checksurlauncher.exe
f:\6e75d82b51bc7a4065cf09a75e78be\CheckSUR.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Screenpresso] "C:\Users\Choco\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe" -startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Choco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Choco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Choco\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Choco\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BAF8681F-B7F0-441A-987C-7284A4F4F550} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [VX6000] C:\Windows\vVX6000.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://bing.com/results.aspx?q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Choco\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-3-26 222720]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-6-10 68136]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-7-3 770080]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-2 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2012-6-10 2725376]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-2 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-10 565352]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-7-3 26856]
R3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; [x]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-6-2 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-19 1255736]
S3 X-Rite;X-Rite USB Service;C:\Windows\System32\drivers\XrUsb64.sys [2007-1-29 33600]
S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-06-03 04:19:49 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-03 04:10:52 -------- d-----w- C:\Windows\ERUNT
2014-06-03 04:02:46 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-03 04:02:22 -------- d-----w- C:\AdwCleaner
2014-06-03 03:35:33 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-03 03:26:06 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-06-03 02:45:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-03 02:24:16 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FC75AB2-B2C9-408E-93F5-51B25F9CECA4}\mpengine.dll
2014-06-03 01:58:45 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-03 01:58:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-03 01:58:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-03 01:58:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-03 01:58:12 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-03 01:58:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 20:46:06 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77E7145E-50C3-4BE3-A5EB-B16C8D3D574F}\gapaengine.dll
2014-06-01 20:45:48 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-18 17:59:10 -------- d-----w- C:\Users\Choco\AppData\Local\Amazon
2014-05-18 17:59:04 101184 ----a-w- C:\Windows\System32\stkMonitor.dll
2014-05-18 17:58:58 -------- d-----w- C:\Program Files (x86)\Amazon
2014-05-18 17:35:31 -------- d-----w- C:\Windows\CheckSur
2014-05-18 01:34:07 -------- d--h--w- C:\OneDriveTemp
2014-05-17 23:58:16 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2014-05-10 23:22:44 -------- d-----w- C:\Program Files (x86)\Windows Phone
2014-05-10 23:12:00 -------- d-----w- C:\Users\Choco\AppData\Local\Applications
2014-05-06 10:00:17 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 04:32:18 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 04:32:18 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 10:00:21 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-05 10:00:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
==================== Find3M ====================
.
2014-06-04 00:48:58 25640 ----a-w- C:\Windows\gdrv.sys
2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-29 23:01:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-29 23:01:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-19 22:27:44 76496 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-08 04:42:06 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 17:52:30.72 ===============
Attached Files
File Type: zip attach.zip (5.1 KB, 49 views)
Ugarte is offline  
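As an added illustration of how a DDS "Pseudo HJT Report" like the one above is triaged (this is example code written for this page, not part of the thread and not part of DDS), the script below parses the Run, StartupFolder and <orphaned> lines and flags the entries a reviewer would look at first: images outside the usual install roots, rundll32 launchers, shortcuts with no resolved target, and orphaned registry entries. The sample lines are constructed in the shape of the log above, and the install-root allowlist is a heuristic assumption for prioritising review, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section
# (a handful of entries, not the full log).
SAMPLE_LOG = r"""
uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [VX6000] C:\Windows\vVX6000.exe
StartupFolder: C:\Users\Choco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

# Assumed heuristic: autostart images are normally installed under these roots.
# Anything else (Windows root, user profile, temp dirs) just gets a closer look.
EXPECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)

RUN_RE = re.compile(r"^(?P<kind>(?:x64-)?[um]?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.*?\.LNK) -\s*(?P<target>.*)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(?P<kind>[\w-]+): (?P<name>[^-]+?) - .*<orphaned>")


@dataclass
class Entry:
    kind: str
    name: str
    target: str
    findings: List[str] = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Pull the launched image out of a Run command line (quoted or bare)."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    # Bare paths may contain spaces, so take everything up to the first .exe token.
    m = re.match(r"^(.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def in_expected_root(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(root) for root in EXPECTED_ROOTS)


def parse_autostarts(text: str) -> List[Entry]:
    """Parse Run, StartupFolder and <orphaned> lines into Entry records with findings."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            e = Entry(m["kind"], m["name"], executable_of(m["cmd"]))
            if not in_expected_root(e.target):
                e.findings.append("image outside expected install roots: " + e.target)
            if re.search(r"\\rundll32\.exe$", e.target, re.IGNORECASE):
                # The launcher is a Windows binary; the DLL argument is what actually runs.
                e.findings.append("rundll32 launcher, review the module argument: " + m["cmd"])
            entries.append(e)
            continue
        m = STARTUP_RE.match(line)
        if m:
            e = Entry("StartupFolder", m["lnk"].rsplit("\\", 1)[-1], m["target"])
            if not e.target:
                e.findings.append("shortcut with no resolved target")
            elif not in_expected_root(e.target):
                e.findings.append("image outside expected install roots: " + e.target)
            entries.append(e)
            continue
        m = ORPHAN_RE.match(line)
        if m:
            e = Entry(m["kind"], m["name"], "<orphaned>")
            e.findings.append("registry entry points to a file that no longer exists")
            entries.append(e)
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return only the entries that carry at least one finding, keyed by entry name."""
    return {e.name: e.findings for e in parse_autostarts(text) if e.findings}


if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG).items():
        print(name)
        for note in notes:
            print("   -", note)
```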
Old 06-04-2014, 12:17 AM   #2
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



ugarte,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.
DrDOS is offline  
Old 06-05-2014, 05:55 AM   #3
Registered Member
 
Join Date: Jun 2014
Posts: 8
OS: Windows 7 SP1



Thanks! Looking forward to some help with this.
Ugarte is offline  
Old 06-06-2014, 09:19 PM   #4
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



ugarte,

Welcome to TSF. My name is Drew. I will be helping you with the concern that brought you here.

I am currently reviewing any log(s) you posted. If you haven't done so, Read This Before Posting For Malware Removal Help. This might be a good time to get familiar with what we can do, how you can help (by running the tools and providing their logs) and what you can expect from your visit at TSF.

Digest the following when you can if there is no problem following my instructions. Take note of some guidelines (sorry for the length .. they are kind of important) for this fix so we can work together to resolve any issues.
  1. Read my instructions completely. If you do not understand any step(s) provided, feel free to Stop. Let me know what is unclear. I would much rather clarify instructions or explain them in a different way than have something important broken. There really is no "dumb" question here.

  2. Perform everything in the order offered. Sometimes one step requires the previous one.

  3. "Save it to your DeskTop" is said in many of our tools. In later versions of Windows, "where" to save a file is not always offered. The default location is
    C:\Users\Choco\Downloads
    Move (or at least copy) your download from here and put it on your DeskTop. Run the tool from there based on the instructions given.

  4. Post all log files in your reply rather than as an attachment unless I specifically ask you to do so. If you cannot post all log files in one reply, feel free to use several posts. Please post these log files in their entirety. If you are trying to show me something, just add a NOTE and say so. I really need to see the whole picture.

  5. Some malware may take a lot of steps to resolve, or in the worst case, reloading your system entirely. I can't stress enough the importance for you to backup any data. Whatever your method, it is an important step to do this before beginning any malware fix.

  6. Refrain from making any changes to your computer including installing/uninstalling any programs, deleting files, modifying the registry, and running any scanners or tools unless I tell you to do so. Doing so could be confusing for me and cause changes to the directions I have to give you and extend the time required to fix your computer. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

  7. If you need to change any passwords, please do so from another, clean computer. Using this one may make things worse for you.

  8. Even if things appear to be better, it might not mean we are truly done. Please continue to follow my instructions and reply back until I give you the all clear. We do not want to clean you part-way, only to have the system re-infected for some reason. I will also give you some advice about prevention. Absence of symptoms does not always mean the computer is clean.

  9. Please set your system to show all files. Each system is a bit different so again, ask if you're not sure how. Return this setting when done.

  10. You may wish to Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near the top), then click Subscribe to this Thread. Make sure it is set to Instant Notification by email, then click Add Subscription.

If I haven't lost you, let's get started. I look forward to fixing your computer and getting you back to safe surfing.


  1. You might need to look at how fragmented your C: is and whether it is getting too full. There are many Google websites that indicate keeping your free space high but I generally use a benchmark of no less than 20%.

    Further Reading and How To Figure Out Percentage

  2. It looks like you may have run the tool AdwCleaner. Please post any recent logs from this or other tools especially HitmanPro, TDSSKiller and Malwarebytes.

  3. Please download Malwarebytes Anti-Rootkit (MBAR) from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

    Double-click on the MBAR file and allow it to run.

    • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
    • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
    • After reading the Introduction, click 'Next' if you agree.
    • On the Update Database screen, click on the 'Update' button.
    • Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

    With some infections, you may see two message boxes:

    1. 'Could not load protection driver'. Click 'OK'.
    2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

    If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

    I'd like to see the log first so I can see what it may be targeting. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please post the contents of that log in your next reply.



    Logs I need from you (in mbar folder on DeskTop)

    MBAR-log-<date and time>***.txt
    system-log.txt

  4. Please download Farbar Recovery Scan Tool from here Farbar Recovery Scan Tool Download and save it to your desktop.

    Note: You need to run the version compatible with your system. For you, this would be the 64-bit version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Click the Scan button.
    • When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run. Please attach the FRST.txt in your reply.
    • The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.


Recent logs I need from you - as shown or check folder where tool was run from
  • AdwCleaner - check c:\AdwCleaner folder for recent logs
  • HitmanPro - HitmanPro_20140606_0657.log - check Documents folder
  • TDSSKiller - C:\TDSSKiller.2.3.0.0_24.05.2014_05.31.43_log.txt
  • Malwarebytes - check History<Application Logs<Scan Log
  • MBAR-log-<date and time>***.txt - check mbar folder
  • system-log.txt - check mbar folder
DrDOS is offline  
Old 06-07-2014, 10:23 AM   #5
Registered Member
 
Join Date: Jun 2014
Posts: 8
OS: Windows 7 SP1



Thanks for your help. My C: drive is a 128GB SSD drive with 18GB available. I tried to clean it up a bit, but wasn't able to free up much space.

When I tried to run mbar.exe I got the "'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart" message. When I clicked "Yes" I then got the "Could not load protection driver" message. I did a manual restart and my system tried to install Windows updates, but got stuck (again) at the "Installing Update 1 of 1" screen. I waited 15 minutes and finally did a hard reboot.

mbar ran after the reboot, and said "No malware found!" Here are the logs:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.06.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17105
Choco :: CHOCO-PC [administrator]

6/7/2014 9:59:22 AM
mbar-log-2014-06-07 (09-59-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 364546
Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.422000 GHz
Memory total: 8587010048, free: 4372086784

Downloaded database version: v2014.06.07.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
DDA Driver installation error.
Could not install driver on boot. Scan can't continue
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.422000 GHz
Memory total: 8587010048, free: 6746148864

Downloaded database version: v2014.06.07.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/07/2014 09:59:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\VX6000Xp.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\VX6KCamd.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\SiUSBXp.sys
\SystemRoot\system32\drivers\SiLib.sys
\SystemRoot\System32\drivers\rdpdr.sys
\??\C:\Windows\gdrv.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\usp10.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa80094d5790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009d\
Lower Device Object: 0xfffffa80094d4060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008f87060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa8008f7e060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007295060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP7T0L0-b\
Lower Device Object: 0xfffffa8007043060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007294060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-8\
Lower Device Object: 0xfffffa8007035060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007293060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-a\
Lower Device Object: 0xfffffa800706d1f0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007294060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007294b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007294060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80069cc9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007035060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007293060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007293b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007293060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800706d1f0, DeviceName: \Device\Ide\IdeDeviceP6T0L0-a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 199212AC

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976766976

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3ADC1564

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 249860096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 1 (1-2047-250049680-250069680)...
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007295060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007295b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007295060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007043060, DeviceName: \Device\Ide\IdeDeviceP7T0L0-b\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65C9D70D

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1250258944

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8008f87060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f87b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f87060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008f7e060, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80094d5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80094d7040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80094d5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80094d4060, DeviceName: \Device\0000009d\, DriverName: \Driver\USBSTOR\
------------ End ----------
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
Ugarte is offline  
Old 06-07-2014, 10:36 AM   #6
Registered Member
 
Join Date: Jun 2014
Posts: 8
OS: Windows 7 SP1



Farbar installed and ran normally. Here are the results:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Choco (administrator) on CHOCO-PC on 07-06-2014 10:24:51
Running from C:\Users\Choco\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit-tray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Learnpulse) C:\Users\Choco\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1809451918-3610656602-859124311-1000\...\Run: [Fitbit Service Monitor] => C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2177056 2012-04-11] (Fitbit, Inc.)
HKU\S-1-5-21-1809451918-3610656602-859124311-1000\...\Run: [Screenpresso] => C:\Users\Choco\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [10297360 2014-05-21] (Learnpulse)
HKU\S-1-5-21-1809451918-3610656602-859124311-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1809451918-3610656602-859124311-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Choco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Choco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF633DF6A9E4ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} https://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/
FF Keyword.URL: hxxp://bing.com/results.aspx?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Choco\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Choco\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: LastPass - C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default\Extensions\[email protected] [2014-05-17]
FF Extension: Adblock Plus - C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-17]

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-26] (CrashPlan)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 Stereo Service; No ImagePath

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation)
S3 X-Rite; C:\Windows\System32\DRIVERS\XrUsb64.sys [33600 2013-01-10] (X-Rite, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 10:24 - 2014-06-07 10:25 - 00015461 _____ () C:\Users\Choco\Desktop\FRST.txt
2014-06-07 10:24 - 2014-06-07 10:24 - 00000000 ____D () C:\FRST
2014-06-07 10:23 - 2014-06-07 10:23 - 02072576 _____ (Farbar) C:\Users\Choco\Desktop\FRST64.exe
2014-06-07 09:59 - 2014-06-07 10:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-07 09:44 - 2014-06-07 10:21 - 00000000 ____D () C:\Users\Choco\Desktop\mbar
2014-06-07 09:43 - 2014-06-07 09:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Choco\Desktop\mbar-1.07.0.1012.exe
2014-06-06 22:07 - 2014-06-06 22:07 - 00000677 _____ () C:\Users\Choco\Desktop\temp photos.lnk
2014-06-06 21:59 - 2014-06-07 09:39 - 00000000 ____D () C:\Users\Choco\Desktop\For next post
2014-06-06 21:58 - 2014-06-06 21:58 - 00023448 _____ () C:\Users\Choco\Desktop\bookmarks-2014-06-06.json
2014-06-03 21:24 - 2014-06-03 21:24 - 00005199 _____ () C:\Users\Choco\Desktop\attach.zip
2014-06-03 21:23 - 2014-06-03 21:23 - 00021082 _____ () C:\Users\Choco\Desktop\ark.txt
2014-06-03 17:52 - 2014-06-03 17:52 - 00020702 _____ () C:\Users\Choco\Desktop\dds.txt
2014-06-03 17:52 - 2014-06-03 17:52 - 00009685 _____ () C:\Users\Choco\Desktop\attach.txt
2014-06-03 17:51 - 2014-06-03 17:51 - 00688992 ____R (Swearware) C:\Users\Choco\Desktop\dds.scr
2014-06-03 17:47 - 2014-06-03 17:40 - 551293744 _____ () C:\Users\Choco\Desktop\Windows6.1-KB947821-v33-x64.msu
2014-06-02 21:19 - 2014-06-02 21:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-02 21:17 - 2014-06-02 21:19 - 02347384 _____ (ESET) C:\Users\Choco\Downloads\esetsmartinstaller_enu.exe
2014-06-02 21:15 - 2014-06-02 21:15 - 00058532 _____ () C:\Users\Choco\Desktop\JRT.txt
2014-06-02 21:10 - 2014-06-02 21:10 - 01016261 _____ (Thisisu) C:\Users\Choco\Downloads\JRT.exe
2014-06-02 21:10 - 2014-06-02 21:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:02 - 2014-06-02 21:03 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:02 - 2014-06-02 21:02 - 01327971 _____ () C:\Users\Choco\Downloads\adwcleaner_3.211.exe
2014-06-02 21:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 20:35 - 2014-06-02 20:35 - 05230080 _____ () C:\Users\Choco\Downloads\RogueKillerX64.exe
2014-06-02 20:35 - 2014-06-02 20:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-02 20:26 - 2014-06-02 20:26 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-02 20:23 - 2014-06-02 20:23 - 00000790 _____ () C:\Windows\system32\.crusader
2014-06-02 19:45 - 2014-06-02 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-02 19:21 - 2014-06-02 19:22 - 10971424 _____ (SurfRight B.V.) C:\Users\Choco\Downloads\HitmanPro_x64.exe
2014-06-02 18:58 - 2014-06-07 09:59 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 18:58 - 2014-06-07 09:57 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 18:58 - 2014-06-02 18:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 18:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 18:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 18:57 - 2014-06-02 19:19 - 00001421 _____ () C:\Users\Choco\Desktop\iExplore.exe - Shortcut.lnk
2014-06-02 18:57 - 2014-06-02 18:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Choco\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 18:55 - 2014-06-02 19:19 - 00002232 _____ () C:\Users\Choco\Desktop\Rkill.txt
2014-06-02 18:55 - 2014-06-02 18:55 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Choco\Downloads\iExplore.exe
2014-06-02 18:52 - 2014-06-02 18:53 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Choco\Downloads\tdsskiller.exe
2014-05-21 16:34 - 2014-05-21 16:34 - 00017914 _____ () C:\Users\Choco\Documents\bookmark.htm
2014-05-20 17:58 - 2014-05-20 17:58 - 00124448 _____ () C:\Users\Choco\Downloads\CSA Policy for RC.zip
2014-05-18 10:59 - 2014-05-18 10:59 - 00101184 _____ (Amazon.com, Inc.) C:\Windows\system32\stkMonitor.dll
2014-05-18 10:58 - 2014-05-18 10:58 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 ____D () C:\Windows\CheckSur
2014-05-17 18:34 - 2014-05-17 18:34 - 00000000 ___HD () C:\OneDriveTemp
2014-05-17 16:58 - 2014-05-17 18:39 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-05-17 15:55 - 2014-05-17 15:55 - 00000000 ____D () C:\Users\Choco\Desktop\Old Firefox Data
2014-05-16 18:38 - 2014-05-16 18:38 - 00485520 _____ () C:\Users\Choco\Downloads\More.zip
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-05-10 16:15 - 2014-05-10 16:15 - 00003124 _____ () C:\Windows\System32\Tasks\{22908833-9485-41A9-8069-E7A6275D1A91}
2014-05-10 16:11 - 2014-05-10 16:11 - 06745792 _____ (Microsoft Corporation) C:\Users\Choco\Downloads\WindowsPhone(2).exe
2014-05-10 16:11 - 2014-05-10 16:11 - 06745792 _____ (Microsoft Corporation) C:\Users\Choco\Downloads\WindowsPhone(1).exe
2014-05-09 18:51 - 2014-05-09 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 17:59 - 2014-05-08 17:59 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-06-07 10:25 - 2014-06-07 10:24 - 00015461 _____ () C:\Users\Choco\Desktop\FRST.txt
2014-06-07 10:24 - 2014-06-07 10:24 - 00000000 ____D () C:\FRST
2014-06-07 10:23 - 2014-06-07 10:23 - 02072576 _____ (Farbar) C:\Users\Choco\Desktop\FRST64.exe
2014-06-07 10:21 - 2014-06-07 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-07 10:21 - 2014-06-07 09:44 - 00000000 ____D () C:\Users\Choco\Desktop\mbar
2014-06-07 10:08 - 2012-06-09 23:43 - 01825275 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:03 - 2009-07-13 21:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 10:03 - 2009-07-13 21:45 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 10:02 - 2009-07-13 22:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-07 09:59 - 2014-06-02 18:58 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 09:57 - 2014-06-02 18:58 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-07 09:56 - 2013-11-26 04:18 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-07 09:56 - 2013-08-03 17:52 - 00409600 ___SH () C:\Users\Choco\Desktop\Thumbs.db
2014-06-07 09:56 - 2012-07-07 11:51 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 09:56 - 2012-06-10 08:38 - 00000144 _____ () C:\service.log
2014-06-07 09:56 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 09:56 - 2009-07-13 21:51 - 00094734 _____ () C:\Windows\setupact.log
2014-06-07 09:45 - 2012-09-10 17:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000UA.job
2014-06-07 09:43 - 2014-06-07 09:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Choco\Desktop\mbar-1.07.0.1012.exe
2014-06-07 09:39 - 2014-06-06 21:59 - 00000000 ____D () C:\Users\Choco\Desktop\For next post
2014-06-07 08:56 - 2012-07-07 11:51 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 22:45 - 2012-09-10 17:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000Core.job
2014-06-06 22:07 - 2014-06-06 22:07 - 00000677 _____ () C:\Users\Choco\Desktop\temp photos.lnk
2014-06-06 21:58 - 2014-06-06 21:58 - 00023448 _____ () C:\Users\Choco\Desktop\bookmarks-2014-06-06.json
2014-06-06 21:35 - 2012-08-11 21:03 - 00000000 ___RD () C:\Users\Choco\SkyDrive
2014-06-03 21:24 - 2014-06-03 21:24 - 00005199 _____ () C:\Users\Choco\Desktop\attach.zip
2014-06-03 21:23 - 2014-06-03 21:23 - 00021082 _____ () C:\Users\Choco\Desktop\ark.txt
2014-06-03 17:55 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\Choco\Desktop\gmer.exe
2014-06-03 17:52 - 2014-06-03 17:52 - 00020702 _____ () C:\Users\Choco\Desktop\dds.txt
2014-06-03 17:52 - 2014-06-03 17:52 - 00009685 _____ () C:\Users\Choco\Desktop\attach.txt
2014-06-03 17:51 - 2014-06-03 17:51 - 00688992 ____R (Swearware) C:\Users\Choco\Desktop\dds.scr
2014-06-03 17:40 - 2014-06-03 17:47 - 551293744 _____ () C:\Users\Choco\Desktop\Windows6.1-KB947821-v33-x64.msu
2014-06-02 21:19 - 2014-06-02 21:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-02 21:19 - 2014-06-02 21:17 - 02347384 _____ (ESET) C:\Users\Choco\Downloads\esetsmartinstaller_enu.exe
2014-06-02 21:15 - 2014-06-02 21:15 - 00058532 _____ () C:\Users\Choco\Desktop\JRT.txt
2014-06-02 21:10 - 2014-06-02 21:10 - 01016261 _____ (Thisisu) C:\Users\Choco\Downloads\JRT.exe
2014-06-02 21:10 - 2014-06-02 21:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:05 - 2010-11-20 20:47 - 00334402 _____ () C:\Windows\PFRO.log
2014-06-02 21:03 - 2014-06-02 21:02 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:02 - 2014-06-02 21:02 - 01327971 _____ () C:\Users\Choco\Downloads\adwcleaner_3.211.exe
2014-06-02 20:35 - 2014-06-02 20:35 - 05230080 _____ () C:\Users\Choco\Downloads\RogueKillerX64.exe
2014-06-02 20:35 - 2014-06-02 20:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-02 20:26 - 2014-06-02 20:26 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-02 20:23 - 2014-06-02 20:23 - 00000790 _____ () C:\Windows\system32\.crusader
2014-06-02 20:23 - 2014-06-02 19:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-02 19:22 - 2014-06-02 19:21 - 10971424 _____ (SurfRight B.V.) C:\Users\Choco\Downloads\HitmanPro_x64.exe
2014-06-02 19:19 - 2014-06-02 18:57 - 00001421 _____ () C:\Users\Choco\Desktop\iExplore.exe - Shortcut.lnk
2014-06-02 19:19 - 2014-06-02 18:55 - 00002232 _____ () C:\Users\Choco\Desktop\Rkill.txt
2014-06-02 19:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-02 18:58 - 2014-06-02 18:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 18:58 - 2014-06-02 18:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 18:57 - 2014-06-02 18:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Choco\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 18:55 - 2014-06-02 18:55 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Choco\Downloads\iExplore.exe
2014-06-02 18:53 - 2014-06-02 18:52 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Choco\Downloads\tdsskiller.exe
2014-06-01 13:48 - 2012-09-10 17:42 - 00002364 _____ () C:\Users\Choco\Desktop\Google Chrome.lnk
2014-05-21 16:34 - 2014-05-21 16:34 - 00017914 _____ () C:\Users\Choco\Documents\bookmark.htm
2014-05-20 17:58 - 2014-05-20 17:58 - 00124448 _____ () C:\Users\Choco\Downloads\CSA Policy for RC.zip
2014-05-19 20:35 - 2012-07-04 18:55 - 00000000 ____D () C:\Users\Choco\Documents\My Digital Editions
2014-05-18 10:59 - 2014-05-18 10:59 - 00101184 _____ (Amazon.com, Inc.) C:\Windows\system32\stkMonitor.dll
2014-05-18 10:58 - 2014-05-18 10:58 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-05-18 10:55 - 2012-07-03 22:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 10:40 - 2012-06-20 18:17 - 00000000 ____D () C:\Windows\pss
2014-05-18 10:40 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 10:35 - 2014-05-18 10:35 - 00000000 ____D () C:\Windows\CheckSur
2014-05-18 08:52 - 2012-06-09 23:43 - 00000000 ___RD () C:\Users\Choco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 08:46 - 2013-03-23 18:28 - 00000000 ___RD () C:\Users\Choco\Dropbox
2014-05-17 18:40 - 2014-02-02 11:14 - 00000000 ____D () C:\Windows\System32\Tasks\HardDiskSentinel
2014-05-17 18:40 - 2014-02-02 11:14 - 00000000 ____D () C:\Users\Choco\AppData\Roaming\Hard Disk Sentinel
2014-05-17 18:40 - 2012-12-07 19:24 - 00000000 ____D () C:\Users\Mcx1-CHOCO-PC
2014-05-17 18:40 - 2012-09-10 17:42 - 00000000 ____D () C:\Users\Choco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-17 18:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-17 18:39 - 2014-05-17 16:58 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-05-17 18:39 - 2014-02-02 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2014-05-17 18:39 - 2012-07-03 22:00 - 00000000 __RHD () C:\MSOCache
2014-05-17 18:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-17 18:34 - 2014-05-17 18:34 - 00000000 ___HD () C:\OneDriveTemp
2014-05-17 17:45 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 17:43 - 2012-06-19 21:28 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 17:42 - 2014-02-20 09:52 - 00002174 _____ () C:\Users\Choco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-05-17 17:41 - 2014-02-02 11:13 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-05-17 17:41 - 2012-06-09 23:43 - 00000000 ____D () C:\Users\Choco
2014-05-17 15:55 - 2014-05-17 15:55 - 00000000 ____D () C:\Users\Choco\Desktop\Old Firefox Data
2014-05-16 18:38 - 2014-05-16 18:38 - 00485520 _____ () C:\Users\Choco\Downloads\More.zip
2014-05-12 07:26 - 2014-06-02 18:58 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 18:58 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 22:33 - 2013-07-07 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 22:23 - 2012-09-14 21:04 - 00000000 ____D () C:\Users\Choco\Documents\My Media
2014-05-10 17:03 - 2012-07-04 18:58 - 00000000 ____D () C:\Users\Choco\AppData\Roaming\calibre
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2014-05-10 16:22 - 2014-05-10 16:22 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-05-10 16:15 - 2014-05-10 16:15 - 00003124 _____ () C:\Windows\System32\Tasks\{22908833-9485-41A9-8069-E7A6275D1A91}
2014-05-10 16:11 - 2014-05-10 16:11 - 06745792 _____ (Microsoft Corporation) C:\Users\Choco\Downloads\WindowsPhone(2).exe
2014-05-10 16:11 - 2014-05-10 16:11 - 06745792 _____ (Microsoft Corporation) C:\Users\Choco\Downloads\WindowsPhone(1).exe
2014-05-09 18:51 - 2014-05-09 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 23:51 - 2012-07-07 11:51 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 23:51 - 2012-07-07 11:51 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 17:59 - 2014-05-08 17:59 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-08 17:59 - 2013-11-18 21:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-08 17:59 - 2013-07-05 10:03 - 00000000 ____D () C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 14:11

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Choco at 2014-06-07 10:25:08
Running from C:\Users\Choco\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CrashPlan (HKLM\...\{BA4F07DC-4D9E-4D68-A133-7363E7161B76}) (Version: 3.2.1 - CrashPlan)
CrystalDiskInfo 6.1.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.1 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Duplicate Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 4.2.1.0 - Ashisoft)
DVD Architect Pro 5.2 (HKLM-x32\...\{84DCF701-6F86-11E1-82E0-005056C00008}) (Version: 5.2.135 - Sony)
Easy Tune 6 B11.1124.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
EasySaver B9.1214.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Fitbit Base Station (Driver Removal) (HKLM-x32\...\FITBIT&10C4&84C4) (Version: - Fitbit)
Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Fitbit v2.1.0.8 (HKLM-x32\...\Fitbit Data Uploader_is1) (Version: 2.1.0.8 - Fitbit, Inc.)
Garmin BaseCamp (HKLM-x32\...\{2AC5A6D5-697D-4A15-9E3D-B4814ADFFC6F}) (Version: 4.2.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Levelator (HKLM-x32\...\Levelator_is1) (Version: - The Conversations Network)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Magic Bullet Quick Looks Vegas (HKLM-x32\...\Magic Bullet Quick Looks Vegas) (Version: - )
Magic Bullet Quick LooksBuilder (HKLM-x32\...\Magic Bullet Quick LooksBuilder) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Camera Raw Codec and Editor v0.9.2 x64 (HKLM\...\{713B09EB-9516-440C-A645-63C6A4934742}) (Version: 0.9.2.0 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}) (Version: 1.0.0000.129 - Microsoft Studios)
Microsoft Flight (x32 Version: 1.0.0000.129 - Microsoft Studios) Hidden
Microsoft Flight (x32 Version: 1.0.0004.129 - Microsoft Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MonacoOPTIX 2.0 (HKLM-x32\...\{6B0A882B-3AB7-45FE-B1E1-9A832413D699}) (Version: - )
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Python 2.7 pycrypto-2.3 (HKLM-x32\...\{422EB670-90F6-4332-AEAE-5128AFF84FDD}) (Version: 2.3.0 - Dwayne C. Litzenberger)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Screenpresso (HKCU\...\Screenpresso) (Version: 1.5.0.0 - Learnpulse)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spb Mobile DVD (HKLM-x32\...\{A958E835-BDF0-473F-9DC1-0D952C941625}) (Version: 1.00.0000 - Spb Software House)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Vegas Pro 10.0 (64-bit) (HKLM\...\{7A92C561-A1D5-11E0-92E1-0013D3D69929}) (Version: 10.0.738 - Sony)
Vegas Pro 10.0 (HKLM-x32\...\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}) (Version: 10.0.737 - Sony)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

02-06-2014 12:28:00 Windows Update
03-06-2014 13:28:30 Windows Update
04-06-2014 00:25:10 Windows Update
04-06-2014 00:36:44 Windows Update
04-06-2014 00:40:46 Windows Update
04-06-2014 00:49:46 Windows Update
07-06-2014 17:08:02 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {155D006D-70C6-4F8D-81D4-7C87003D498E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-07] (Google Inc.)
Task: {341E7B3C-3BF3-4DF0-844E-F0C84768F0FB} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-CHOCO-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {4770E02E-2327-4465-B410-1E51F8C6AB82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: {8DF7AEAF-9371-41B2-B0D8-B7292787645F} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {8FBAC3FC-0D35-4DF0-822F-05FDE063D7C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000Core => C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {B08E0525-3E35-4125-9321-CE3A4CDCE9CA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {E0837A94-8845-4C81-9950-E9F76014679C} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Choco => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2014-01-30] (H.D.S. Hungary)
Task: {E6DDA78C-DF67-4C92-915C-4C5BB92B6F23} - System32\Tasks\SyncToy => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {E8C4CAAE-492A-44EE-87F4-EEBC5B38A02C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000UA => C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {F91F3EA9-89AC-4476-A94E-E1608E87AB94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000Core.job => C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000UA.job => C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-19 21:46 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-26 09:58 - 2012-03-26 09:58 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-02-28 22:21 - 2014-02-28 22:21 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2012-06-10 08:38 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2012-06-10 09:46 - 2008-07-11 00:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2012-06-10 09:46 - 2008-07-11 00:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-06-10 08:38 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2012-06-10 09:46 - 2011-04-18 23:56 - 00143360 _____ () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2014-05-09 18:51 - 2014-05-09 18:51 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-17 18:12 - 2014-05-17 18:12 - 01020928 _____ () C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MonacoReminder.lnk => C:\Windows\pss\MonacoReminder.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Choco\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Choco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2014 10:02:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/07/2014 10:02:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/07/2014 09:58:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 10:17:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 818

Start Time: 01cf7f8ec55abdbe

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id:

Error: (06/06/2014 09:34:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2014 05:55:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wusa.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 120c

Start Time: 01cf7f8ed551612d

Termination Time: 2

Application Path: C:\Windows\system32\wusa.exe

Report Id:

Error: (06/03/2014 05:54:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/03/2014 05:54:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/03/2014 05:50:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 05:46:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wusa.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bac

Start Time: 01cf7f8d993679dd

Termination Time: 9

Application Path: C:\Windows\SysWOW64\wusa.exe

Report Id:


System errors:
=============
Error: (06/07/2014 09:56:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error:
%%3

Error: (06/07/2014 09:56:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:55:02 AM on 6/7/2014 was unexpected.

Error: (06/06/2014 10:17:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (06/03/2014 05:48:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error:
%%3

Error: (06/03/2014 05:48:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Hotfix for Windows (KB947821).

Error: (06/03/2014 05:37:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007065e: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2953522).

Error: (06/03/2014 05:27:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error:
%%3

Error: (06/03/2014 05:25:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007065e: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2953522).

Error: (06/03/2014 07:27:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (06/03/2014 06:28:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007065e: Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2953522).


Microsoft Office Sessions:
=========================
Error: (06/07/2014 10:02:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/07/2014 10:02:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (06/07/2014 09:58:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 10:17:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756781801cf7f8ec55abdbe0C:\Windows\Explorer.EXE

Error: (06/06/2014 09:34:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Choco\Downloads\esetsmartinstaller_enu.exe

Error: (06/03/2014 05:55:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wusa.exe6.1.7601.17514120c01cf7f8ed551612d2C:\Windows\system32\wusa.exe

Error: (06/03/2014 05:54:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/03/2014 05:54:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (06/03/2014 05:50:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 05:46:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wusa.exe6.1.7601.17514bac01cf7f8d993679dd9C:\Windows\SysWOW64\wusa.exe


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8189.21 MB
Available physical RAM: 5817 MB
Total Pagefile: 16376.6 MB
Available Pagefile: 13647.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:17.91 GB) NTFS
Drive d: (Media) (Fixed) (Total:596.17 GB) (Free:111.62 GB) NTFS
Drive e: (Office 2010) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF
Drive f: (Media 2) (Fixed) (Total:465.76 GB) (Free:162.64 GB) NTFS
Drive g: (Backup Drive 1) (Fixed) (Total:465.76 GB) (Free:101.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 199212AC)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 3ADC1564)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 65C9D70D)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
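Added example (not part of the post above, and not FRST's own code): a small Python triage script for the "Scheduled Tasks" block of an FRST Addition log like the one above. It parses the two line shapes the log uses (GUID tasks under System32\Tasks with a file date and a parenthesised publisher, and the legacy C:\Windows\Tasks\*.job mirrors that carry only a target path) and flags task targets that live in user-writable locations or carry an empty publisher string. Two assumptions: the parenthesised publisher is treated as an unverified name string, not as a signature check, and the last SAMPLE line (all-zero GUID, "ExampleUpdater") is constructed to show what a flagged entry looks like; it does not come from the log. A flag is a reason to look, not a verdict: the per-user GoogleUpdate.exe entries in the log above get flagged because they sit under AppData, which is where Google's per-user updater normally installs.

```python
"""Triage helper for the 'Scheduled Tasks' lines of an FRST Addition log.

Added example; not FRST's code and not from the forum post.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches both task line shapes that appear in the log:
#   Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (<publisher>)
#   Task: C:\Windows\Tasks\<name>.job => <target>
TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?"
    r"(?P<task>.+?)\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)

# Locations a standard user can write to. An autorun target here is not
# proof of malware (per-user Google Update lives in AppData), but it is the
# first thing to check because persistence mechanisms favour these paths.
USER_WRITABLE = (
    re.compile(r"^[A-Z]:\\Users\\", re.I),
    re.compile(r"\\AppData\\", re.I),
    re.compile(r"^[A-Z]:\\ProgramData\\", re.I),
    re.compile(r"\\Temp\\", re.I),
)


@dataclass
class TaskEntry:
    task: str
    target: str
    guid: Optional[str] = None
    date: Optional[str] = None
    publisher: Optional[str] = None  # name string from the log, NOT a verified signature
    flags: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for lines that are not task entries."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    e = TaskEntry(task=m["task"], target=m["target"], guid=m["guid"],
                  date=m["date"], publisher=m["publisher"])
    if any(p.search(e.target) for p in USER_WRITABLE):
        e.flags.append("user-writable path")
    # .job mirror lines carry no publisher field at all (None); only an
    # explicitly empty "()" on a GUID task line is worth flagging.
    if m["publisher"] is not None and not e.publisher.strip():
        e.flags.append("empty publisher string")
    if not e.target.lower().endswith(".exe"):
        e.flags.append("non-exe target")
    return e


def triage(log_text: str) -> List[TaskEntry]:
    """Parse every task line in a block of FRST log text, in order."""
    entries = []
    for line in log_text.splitlines():
        e = parse_task_line(line)
        if e:
            entries.append(e)
    return entries


def flagged(entries: List[TaskEntry]) -> List[TaskEntry]:
    """Entries that deserve a closer look (signature check, hash lookup, path listing)."""
    return [e for e in entries if e.flags]


# Sample input: the first four lines are copied from the FRST log above.
# The last line is CONSTRUCTED (all-zero GUID, user-profile target, empty
# publisher) to show what a flagged entry looks like; it is not from the log.
SAMPLE = r"""
Task: {155D006D-70C6-4F8D-81D4-7C87003D498E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-07] (Google Inc.)
Task: {8FBAC3FC-0D35-4DF0-822F-05FDE063D7C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1809451918-3610656602-859124311-1000Core => C:\Users\Choco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {E0837A94-8845-4C81-9950-E9F76014679C} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Choco => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2014-01-30] (H.D.S. Hungary)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Users\Choco\AppData\Roaming\ExampleUpdater\svc.exe [2014-06-01] ()
"""

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE)):
        print(f"{e.task}\n    -> {e.target}\n    flags: {', '.join(e.flags)}")
```

Feed it the whole "Scheduled Tasks (whitelisted)" block rather than hand-picked lines; anything FRST already whitelisted as Microsoft-signed will not appear in the block in the first place, so every flagged line is one a human has to clear by checking the file's signature and hash.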
Old 06-07-2014, 10:40 AM   #7
And... here are the other logs you asked for:

# AdwCleaner v3.211 - Report created 02/06/2014 at 21:03:47
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Choco - CHOCO-PC
# Running from : C:\Users\Choco\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Choco\AppData\Roaming\Mozilla\Firefox\Profiles\ybgdefii.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Choco\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.apu.edu/search?q={searchTerms}&go=Go&site=apu&client=apu&output=xml_no_dtd&proxystylesheet=apu&u=MTAuMTAuMTM3LjQuMTI1NDIzNjI4MjAyMTUwNQ%3D%3D
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [1445 octets] - [02/06/2014 21:02:32]
AdwCleaner[S0].txt - [1376 octets] - [02/06/2014 21:03:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1436 octets] ##########




HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : CHOCO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Choco-PC\Choco
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2014-06-02 19:46:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 90

   Objects scanned . . . : 2,421,076
   Files scanned . . . . : 191,170
   Remnants scanned  . . : 918,991 files / 1,310,915 keys

Malware _____________________________________________________________________

   C:\Users\Choco\Downloads\AudioConverterSetup.exe -> Quarantined
      Size . . . . . . . : 1,144,592 bytes
      Age  . . . . . . . : 627.9 days (2012-09-12 21:13:10)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : 0ECF54BFE191667E3466C79FE20CC4CDBB8BADFDB0108A6298B90962FFC46D3E
    > Bitdefender  . . . : Adware.Generic.453563
      Fuzzy  . . . . . . : 110.0


Suspicious files ____________________________________________________________

   C:\Users\Choco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe -> Quarantined
      Size . . . . . . . : 3,168,576 bytes
      Age  . . . . . . . : 384.9 days (2013-05-13 21:35:33)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : C219B07C13DE0C45CB0D51CCD6971A389DCEDA316964CCBBF4F87CA60B31D01A
      RSA Key Size . . . : 2048
      Authenticode . . . : Self-signed
      Running processes  : 4072
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-1809451918-3610656602-859124311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Cloud Player
      Network Ports
         127.0.0.1:4750    


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Choco\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________


Malwarebytes Anti-Malware

Scan Date: 6/6/2014
Scan Time: 1:45:52 AM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Choco

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364902
Time Elapsed: 5 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Ugarte is offline  
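As an added example (not from this thread and not HitmanPro's own code), here is a small Python parser for the "Suspicious files" entry format in the log above: it pulls out the dotted "key : value" fields, the sentence-style heuristic findings and the Startup / Network Ports sub-lists, then summarises the indicators from a defender's view, for instance that the listening socket is bound to 127.0.0.1 only. The sample input is copied from the entry above; the regexes and the Entry structure are my own reading of the layout, not a documented format.

```python
import re
from dataclasses import dataclass, field

# Sample input: the "Suspicious files" entry copied from the HitmanPro log above.
SAMPLE = r"""Suspicious files ____________________________________________________________
   C:\Users\Choco\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe -> Quarantined
      Size . . . . . . . : 3,168,576 bytes
      SHA-256  . . . . . : C219B07C13DE0C45CB0D51CCD6971A389DCEDA316964CCBBF4F87CA60B31D01A
      Authenticode . . . : Self-signed
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
      Startup
         HKU\S-1-5-21-1809451918-3610656602-859124311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Cloud Player
      Network Ports
         127.0.0.1:4750
"""

@dataclass
class Entry:
    path: str
    verdict: str                                   # e.g. "Quarantined"
    props: dict = field(default_factory=dict)      # dotted "Key . . : value" lines
    findings: list = field(default_factory=list)   # free-text heuristic findings
    startup: list = field(default_factory=list)    # autostart locations
    ports: list = field(default_factory=list)      # "ip:port" listeners

# Assumed layout (my reading of the log): an entry opens with "<path> -> <verdict>",
# followed by field lines, finding sentences and optional Startup / Network Ports lists.
HEADER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<verdict>\w+)$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 \-]+?)[ .]*: (?P<value>.+)$")

def parse_entries(text):
    entries, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ")      # "> Bitdefender" marks the engine that hit
        if not line or line.endswith("_"):   # blank line or "Section ____" banner
            section = None
        elif (m := HEADER_RE.match(line)):
            current = Entry(m["path"], m["verdict"])
            entries.append(current)
            section = None
        elif current is None:
            pass                             # text before the first entry
        elif line in ("Startup", "Network Ports"):
            section = line
        elif section == "Startup":
            current.startup.append(line)
        elif section == "Network Ports":
            current.ports.append(line)
        elif (f := FIELD_RE.match(line)):
            current.props[f["key"].strip()] = f["value"].strip()
        else:
            current.findings.append(line)
    return entries

def assess(entry):
    """Summarise the listed indicators; a loopback-only listener is not reachable from the network."""
    binds = [p.rsplit(":", 1)[0] for p in entry.ports]
    return {
        "self_signed": entry.props.get("Authenticode", "").lower() == "self-signed",
        "autorun": any("\\CurrentVersion\\Run\\" in s for s in entry.startup),
        "listening": bool(entry.ports),
        "loopback_only": bool(binds) and all(b == "127.0.0.1" for b in binds),
        "sha256": entry.props.get("SHA-256"),
    }
```

Running `assess(parse_entries(SAMPLE)[0])` on the entry above reports all three heuristics (self-signed, autorun, listening) together with `loopback_only` set, which is the context a helper weighs before treating such a hit as more than a generic detection.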
Old 06-08-2014, 05:53 AM   #8
TSF Enthusiast
 
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



ugarte,

Thanks for all those logs. They all look clean.

There may be an issue not malware-related that another group at TSF can help with. I'd suggest you post at Windows 7 Support, Windows Vista Support. Please read https://www.techsupportforum.com/foru...ou-615377.html before you do.

  1. Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.

  2. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
    • Download the latest version of Java Runtime Environment (JRE) 7.
    • Read the License Agreement, then select Accept License Agreement.
    • Click on the link to download Windows x86 Offline and save the file.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel > Programs, and remove all older versions of Java. Specifically
      Java 7 Update 55
      Java(TM) 7 Update 5 (64-bit)
    • Click the Remove or Change/Remove button.
    • Then from your desktop double-click on jre-7u60-windows-i586.exe to install the newest version.
    • After the install is complete, go into the Control Panel > Programs > Java (this is using the default Category view - if you are using something different, the Java Icon looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

      • Click OK on Delete Temporary Files Window

        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    Further Reading - Which Java download should I choose for my 64-bit Windows operating system?


All your logs are now clean.

You may delete any other remaining tools and/or their associated logs/folders from the desktop/or where you ran them from: simply right-click and delete.

Now that your system is clean, it is recommended that you update your Operating System to close any vulnerabilities and help make your system more secure against attack. You should visit Windows Updates and download any required patches for your system.

To help protect your computer in the future I recommend that you read the following articles:

Staying Safe on the Internet
Making Internet Explorer Safer.
Think Prevention!

Some further reading: Disable Java in browsers

Please ensure you have an antivirus installed and updated regularly, as well as a firewall to block intrusion attempts. For additional protection, I would suggest using a Hosts file that blocks access to thousands of known bad sites, a spyware blocker such as SpywareBlaster, and the combined protection of Spybot's scanner and real-time function, TeaTimer. Full details can be found in the links below:

MVPS Hosts file
Spyware Blaster
Spybot - Search & Destroy

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • AdblockPlus from here
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • Click the icon that corresponds to your browser and download.

  • Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items. Check for updates weekly.

  • WOT from here.

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an add-on available for both Firefox and IE.

  • Winpatrol

    A heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE

    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • ANTIVIRUS SOFTWARE

    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • IM from here or here.

    Trillian or Miranda-IM are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • ERUNT from here. A useful freeware utility for users of Windows 2000/XP/7/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting, and this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Passwords

    Tired of having to remember many passwords for many sites? Or falling into the lowered-security habit of using the same password wherever you go on the internet? Kick that habit with the free program KeePass, which will remember all those usernames and passwords for you. Just remember one master password and let the program remember the rest. Get the latest version and enjoy!

  • Hardware/Software Inventory

    The Belarc Advisor displays a detailed profile of your installed software and hardware, network inventory, missing Microsoft hotfixes, anti-virus status, security benchmarks, and displays all the results in your Web browser. The Belarc Advisor is licensed for personal use only and is not permitted to be used for any commercial or government purposes.


Please respond to this thread one more time so we can mark this thread as resolved.
DrDOS is offline  
Old 06-10-2014, 10:20 AM   #9
Registered Member
 
Join Date: Jun 2014
Posts: 8
OS: Windows 7 SP1



Thanks for your help. At least I now know that it's not a virus/malware problem. I'll head over to the Win7 forum if I continue to have issues.
Ugarte is offline  
Old 06-28-2014, 09:32 AM   #10
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!
amateur is offline  
 
