

Rungel
Run A Mile Live Awhile

[Malware] Malwarebytes did find some stuff

My laptop just recently started getting script errors, and YouTube videos would just stop playing for no reason. OTL will not run for me; I've tried safe mode also, so I don't have those logs up yet.

But basically the computer is also very laggy on the internet. Places like dslreports load fast, but Facebook or the 1 Click Animal, Rain Forrest, etc. sites are very slow, and the sites really don't look right.

Also, I did run the ESET online scan; it came up clean after Malwarebytes did its job. I didn't save the log, but I can get another if you need it.

Thanks

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Bill :: BILL-PC [administrator]

9/13/2013 4:04:29 PM
mbam-log-2013-09-13 (16-04-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 387372
Time elapsed: 48 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: zr1C2U2X1O1M1U1NtFzttH1C -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

# AdwCleaner v3.003 - Report created 13/09/2013 at 17:17:55
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Bill - BILL-PC
# Running from : C:\Users\Bill\Desktop\virus clean up\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\fbphotozoom
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Bill\AppData\Local\apn
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\FCTB
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\jetpack
File Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\prefs.js ]

Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Line Deleted : user_pref("extentions.y2layers.installId", "698a9126-493f-4603-976e-9095b42c3ef3");
Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 372033);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 13);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 13);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1378983882713");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxp%3A//gmail.com/");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV0b2 9saWQmcD0%3D");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "123797304");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "7e91aa71b7d3dcdd6cde638e17fdff158114308e");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9011 octets] - [13/09/2013 17:10:25]
AdwCleaner[S0].txt - [8989 octets] - [13/09/2013 17:17:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9049 octets] ##########

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
MVPS Hosts File
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
[u]````````Process Check: objlist.exe by Laurent````````[/u]
WinPatrol winpatrol.exe
Bill Desktop virus clean up SecurityCheck.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
BillP Studios WinPatrol WinPatrol.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 5%
[u]````````````````````End of Log``````````````````````[/u]
--

'rocking the awakening mind'!




lilhurricane
Crunchin' For Cures
Premium,Mod

The log should still be located at C:\Program Files\Eset\log.txt

We'll also need the OTL and Extras logs



Rungel
Run A Mile Live Awhile

OTL freezes when it gets to "Checking Firefox settings" (I have tried half a dozen times); then "Not Responding" shows up. I'll have to run ESET again, I guess. I think I had the program uninstall, and it must have taken the logs with it.



LoPhatPhuud
reply to Rungel

Instead of OTL, try DDS. Instructions follow.

Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

- Double click on the DDS icon and allow it to run.
- Click on Start.
- After the scan has finished, confirm the message with OK.
- DDS will automatically open the logfile.
- You can find the logfile on your desktop as well.
- Please post the content of that logfile with your next answer.


Please note: you may have to disable any script protection that is running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, then enable your A/V and reconnect to the internet.

Information on A/V control: HERE
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013



Rungel
Run A Mile Live Awhile
reply to lilhurricane

said by lilhurricane:

The log should still be located at C:\Program Files\Eset\log.txt

We'll also need the OTL and Extras logs

Almost done with ESET. Yeah, it's strange; I couldn't find any ESET folder in Programs.
--

'rocking the awakening mind'!




Rungel
Run A Mile Live Awhile
reply to lilhurricane

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Bill at 13:59:00 on 2013-09-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12266.9623 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\Bill\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Bill\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F} : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\135305F6E646751697 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\1427470235F657478602130333 : DHCPNameServer = 137.99.203.20 137.99.25.14
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\2456C6B696E6F574F505C65737F5D494D4F4F5338353135364 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\35563627564702355627679636560235070202F4057237 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\642494F5355727675696C6C616E63656 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{A5B8612C-5E7F-472F-96BF-86C9693A695F}\75962756C6563737 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Users\Bill\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\7shm7w3c.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-4 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-4 189936]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-11-25 137312]
R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2012-4-12 157696]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-7-1 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-7-1 146528]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-28 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-28 378944]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-7-1 3459024]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-28 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-28 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-4 46808]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-4-4 21992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-19 13336]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\System32\drivers\UBSBM.sys [2013-6-13 24064]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\System32\drivers\UBUMAPI.sys [2013-6-13 92160]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-19 2656280]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-7-1 367200]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-6-14 176880]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2012-4-11 145424]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\System32\drivers\ubohci.sys [2013-6-13 132608]
R3 XHCIdrv;xHCI Compliance Test Host Controller;C:\Windows\System32\drivers\XHCIdrv.sys [2013-9-14 119720]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-6-12 21600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-6-3 401920]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-10-19 274432]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-10-3 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-10-3 9096]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]
S3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-9-28 26208]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-13 44480]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-20 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-11-22 226696]
S3 pimou;Pluralinput Mouse 0.8.2.0;C:\Windows\System32\drivers\pimou.sys [2013-5-6 22856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-2 19456]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-13 22800]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-6-18 33008]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-09-15 13:09:41 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-15 00:27:19 1795952 ----a-w- C:\Windows\System32\wdfcoinstaller01011.dll
2013-09-15 00:27:19 119720 ----a-w- C:\Windows\System32\drivers\XHCIdrv.sys
2013-09-15 00:25:28 76568 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys
2013-09-15 00:25:28 59160 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys
2013-09-15 00:25:28 53016 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll
2013-09-15 00:25:28 1843992 ----a-w- C:\Windows\System32\LkmdfCoInst.dll
2013-09-14 21:40:12 11530992 ----a-w- C:\Windows\System32\drivers\NETwsw00.sys
2013-09-14 18:57:25 -------- d-----w- C:\Users\Bill\AppData\Local\NVIDIA
2013-09-14 02:08:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-14 01:48:25 98816 ----a-w- C:\Windows\sed.exe
2013-09-14 01:48:25 256000 ----a-w- C:\Windows\PEV.exe
2013-09-14 01:48:25 208896 ----a-w- C:\Windows\MBR.exe
2013-09-13 21:10:18 -------- d-----w- C:\AdwCleaner
2013-09-13 10:50:30 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7485EF5-C56B-4623-AB6D-2B5145C3DD97}\mpengine.dll
2013-09-11 20:29:42 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 11:08:34 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-09-15 00:25:44 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-09-13 16:15:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 16:15:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 04:59:39 6601504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-26 04:59:39 3452704 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-26 04:59:35 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-26 04:59:35 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-26 04:59:35 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-07-26 04:59:35 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-04 20:07:13 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-04 20:07:13 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-07-02 00:39:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 00:39:11 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-02 00:39:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 18:06:36 1832224 ----a-w- C:\Windows\System32\nvdispco6432049.dll
2013-06-21 18:06:36 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432049.dll
2012-06-27 21:41:28 44 ------w- C:\Program Files (x86)\16d883e3.tmp
2012-04-09 21:27:48 14844448 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 13:59:34.08 ===============
--

'rocking the awakening mind'!




Rungel
reply to LoPhatPhuud

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8aecad681271b24b8f8f95b85821fd83
# engine=15138
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-15 05:13:29
# local_time=2013-09-15 01:13:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 4795561 155057081 0 0
# compatibility_mode=5893 16776574 100 94 0 130808659 0 0
# scanned=154426
# found=1
# cleaned=1
# scan_time=14335
sh=04769B1DA1EB4238F36F5295E18F563718BFE109 ft=1 fh=ee61cf339d6716fa vn="a variant of MSIL/DomaIQ.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bill\Downloads\java-runtime-environment-jre.exe"

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to Rungel

Nothing glaring so far. Time to check for rootkits...

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications

Note: Instructions for several rootkit programs are at that link. Just run Sophos. You may have to scroll down to see the instructions.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013



Rungel

It did clean this after I copied the log file.

2013-09-15 14:58:38 Sophos Virus Removal Tool version 2.4
2013-09-15 14:58:38 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.

2013-09-15 14:58:38 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-09-15 14:58:38 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2013-09-15 14:58:38 Checking for updates...
2013-09-15 14:58:51 Update progress: proxy server not available
2013-09-15 14:58:56 Option all = no
2013-09-15 14:58:56 Option recurse = yes
2013-09-15 14:58:56 Option archive = no
2013-09-15 14:58:56 Option service = yes
2013-09-15 14:58:56 Option confirm = yes
2013-09-15 14:58:56 Option sxl = yes
2013-09-15 14:58:56 Option max-data-age = 35
2013-09-15 14:58:56 Option EnableSafeClean = yes
2013-09-15 14:58:56 Couldn't apply option 'EnableSafeClean' to the detection engine [0xa004020c].
2013-09-15 14:58:56 Component SVRTcli.exe version 2.4
2013-09-15 14:58:56 Component control.dll version 2.4
2013-09-15 14:58:56 Component SVRTservice.exe version 2.4
2013-09-15 14:58:56 Component engine\osdp.dll version 1.44.0.2100
2013-09-15 14:58:56 Component engine\veex.dll version 3.45.0.2100
2013-09-15 14:58:56 Component engine\savi.dll version 7.5.13.2100
2013-09-15 14:58:56 Component rkdisk.dll version 1.5.30.0
2013-09-15 14:58:56 Version info: Product version 2.4
2013-09-15 14:58:56 Version info: Detection engine 3.45.0
2013-09-15 14:58:56 Version info: Detection data 4.91
2013-09-15 14:58:56 Version info: Build date 7/10/2013
2013-09-15 14:58:56 Version info: Data files added 732
2013-09-15 14:58:56 Version info: Last successful update (not yet updated)
2013-09-15 14:59:47 Downloading updates...
2013-09-15 14:59:47 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-09-15 14:59:47 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-09-15 14:59:47 Update progress: [I49502] Found supplement IDE492 LATEST
2013-09-15 14:59:47 Update progress: [I49502] Found supplement IDE493 LATEST
2013-09-15 14:59:47 Update progress: [I49502] Found supplement IDE494 LATEST
2013-09-15 14:59:47 Update progress: [I49502] Found supplement IDE495 LATEST
2013-09-15 14:59:47 Update progress: [I49502] Found supplement IDE496 LATEST
2013-09-15 14:59:47 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-09-15 14:59:47 Update progress: [I19463] Syncing product SAVIW32 30
2013-09-15 14:59:50 Update progress: [I19463] Syncing product IDE492 222
2013-09-15 14:59:52 Installing updates...
2013-09-15 14:59:52 Update progress: [I19463] Syncing product IDE493 208
2013-09-15 14:59:52 Update progress: [I19463] Syncing product IDE494 183
2013-09-15 14:59:52 Update progress: [I19463] Syncing product IDE495 130
2013-09-15 14:59:52 Update progress: [I19463] Syncing product IDE496 1
2013-09-15 15:00:04 Update successful
2013-09-15 15:00:23 Option all = no
2013-09-15 15:00:23 Option recurse = yes
2013-09-15 15:00:23 Option archive = no
2013-09-15 15:00:23 Option service = yes
2013-09-15 15:00:23 Option confirm = yes
2013-09-15 15:00:23 Option sxl = yes
2013-09-15 15:00:23 Option max-data-age = 35
2013-09-15 15:00:23 Option EnableSafeClean = yes
2013-09-15 15:00:23 Couldn't apply option 'EnableSafeClean' to the detection engine [0xa004020c].
2013-09-15 15:00:23 Component SVRTcli.exe version 2.4
2013-09-15 15:00:23 Component control.dll version 2.4
2013-09-15 15:00:23 Component SVRTservice.exe version 2.4
2013-09-15 15:00:23 Component engine\osdp.dll version 1.44.0.2100
2013-09-15 15:00:23 Component engine\veex.dll version 3.45.0.2100
2013-09-15 15:00:23 Component engine\savi.dll version 7.5.13.2100
2013-09-15 15:00:23 Component rkdisk.dll version 1.5.30.0
2013-09-15 15:00:23 Version info: Product version 2.4
2013-09-15 15:00:23 Version info: Detection engine 3.45.0
2013-09-15 15:00:23 Version info: Detection data 4.91G
2013-09-15 15:00:23 Version info: Build date 7/10/2013
2013-09-15 15:00:23 Version info: Data files added 732
2013-09-15 15:00:23 Version info: Last successful update 9/15/2013 3:00:04 PM

2013-09-15 15:04:44 Could not open C:\pagefile.sys
2013-09-15 15:17:33 Could not open C:\System Volume Information\{0422a2e0-1d87-11e3-b0d1-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{0422a2e7-1d87-11e3-b0d1-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{10e73dab-1e03-11e3-a6ec-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{10e73daf-1e03-11e3-a6ec-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{10e73db5-1e03-11e3-a6ec-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{4df0a9c3-1d69-11e3-a927-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{4df0a9c7-1d69-11e3-a927-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{4df0a9f5-1d69-11e3-a927-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:17:33 Could not open C:\System Volume Information\{a2eda98c-1dfb-11e3-b3b3-0090f5b65859}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-09-15 15:19:25 >>> Virus 'Mal/Generic-S' found in file C:\Users\Bill\Desktop\virus clean up\RogueKiller.exe
2013-09-15 15:24:45 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-09-15 15:24:45 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-09-15 15:43:59 The following items will be cleaned up:
2013-09-15 15:43:59 Mal/Generic-S
--

'rocking the awakening mind'!
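Added example, not from the thread and not ESET's or Sophos's own tooling: a small Python triage script that parses the two log formats posted above, the ESET Online Scanner `sh=... vn="..." fn="..."` detection line and the Sophos Virus Removal Tool `>>> Virus '...' found in file ...` / `will be cleaned up:` lines, into one table. It keeps the SHA-1 that ESET records (Sophos logs no hash) and flags generic-family verdicts such as the Mal/Generic-S hit on RogueKiller.exe, which is worth confirming by hash before the file is written off as malware. The sample input is the thread's own log lines copied verbatim; the `Detection` class and the function names are this example's own.

```python
"""Triage table for the two scanner logs posted above.

Added example (not ESET's or Sophos's own code): parses ESET Online Scanner
detection lines and Sophos Virus Removal Tool hit/cleanup lines into one
list, keeping the SHA-1 that ESET records so the verdict can be re-checked
against a second source. Sample lines are copied from the thread; the
helper names are this example's own. Runs offline."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ESET detection line: space-separated key=value fields, double-quoted when
# the value contains spaces. sh= is the file's SHA-1, vn= the verdict with
# the action taken in trailing parentheses, fn= the path; the rest (ft=,
# fh=, ac=) are ESET-internal and are not interpreted here.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_VERDICT = re.compile(r"^(?P<name>.*?)\s*\((?P<action>[^)]*)\)\s*$")
_SHA1 = re.compile(r"^[0-9A-Fa-f]{40}$")

# Sophos VRT: hits are logged as they are found; the names actually removed
# are listed after a "will be cleaned up:" marker at the end of the log.
_TS = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
_SOPHOS_HIT = re.compile(_TS + r">>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
_SOPHOS_CLEAN_HDR = re.compile(_TS + r"The following items will be cleaned up:$")
_SOPHOS_CLEAN_ITEM = re.compile(_TS + r"(?P<name>\S+)$")


@dataclass
class Detection:
    tool: str
    name: str
    path: str
    action: str
    sha1: Optional[str] = None  # only the ESET log carries a file hash


def parse_eset(lines: List[str]) -> List[Detection]:
    """One Detection per 'sh=...' line; the '# key=value' summary lines are skipped."""
    found = []
    for line in lines:
        if not line.startswith("sh="):
            continue
        kv = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in _KV.finditer(line)}
        verdict = kv.get("vn", "")
        m = _VERDICT.match(verdict)
        name, action = (m["name"], m["action"]) if m else (verdict, "")
        sha1 = kv.get("sh", "")
        found.append(Detection("ESET", name, kv.get("fn", ""), action,
                               sha1.lower() if _SHA1.match(sha1) else None))
    return found


def parse_sophos(lines: List[str]) -> List[Detection]:
    """Pair each '>>> Virus ... found in file' hit with the cleanup list, if any."""
    hits, cleaned, in_cleanup = [], set(), False
    for line in lines:
        line = line.rstrip()
        if _SOPHOS_CLEAN_HDR.match(line):
            in_cleanup = True
            continue
        if in_cleanup:
            m = _SOPHOS_CLEAN_ITEM.match(line)
            if m:
                cleaned.add(m["name"])
            continue
        m = _SOPHOS_HIT.match(line)
        if m:
            hits.append(Detection("Sophos", m["name"], m["path"], "reported only"))
    for d in hits:
        if d.name in cleaned:
            d.action = "cleaned up"
    return hits


def needs_second_opinion(d: Detection) -> bool:
    """Generic/heuristic family names are the lowest-confidence verdicts and the
    ones that most often land on security utilities the user downloaded
    themselves; flag them for a hash check before treating the file as malware."""
    return "generic" in d.name.lower()


# Constructed input: the detection lines from the thread, copied verbatim.
ESET_LOG = [
    "# found=1",
    "# cleaned=1",
    r'sh=04769B1DA1EB4238F36F5295E18F563718BFE109 ft=1 fh=ee61cf339d6716fa '
    r'vn="a variant of MSIL/DomaIQ.E application (cleaned by deleting - quarantined)" '
    r'ac=C fn="C:\Users\Bill\Downloads\java-runtime-environment-jre.exe"',
]
SOPHOS_LOG = [
    r"2013-09-15 15:04:44 Could not open C:\pagefile.sys",
    r"2013-09-15 15:19:25 >>> Virus 'Mal/Generic-S' found in file C:\Users\Bill\Desktop\virus clean up\RogueKiller.exe",
    "2013-09-15 15:43:59 The following items will be cleaned up:",
    "2013-09-15 15:43:59 Mal/Generic-S",
]


def triage() -> List[Detection]:
    return parse_eset(ESET_LOG) + parse_sophos(SOPHOS_LOG)


if __name__ == "__main__":
    for d in triage():
        flag = "  <- verify hash before trusting" if needs_second_opinion(d) else ""
        print(f"{d.tool:6} {d.name:45} {d.action:35} sha1={d.sha1 or '-'} {d.path}{flag}")
```

The two logs differ in shape: ESET writes hash, verdict and action on one line, while Sophos reports a hit when it is found and lists what it removed only at the end, so the Sophos records have to be joined to the cleanup list by detection name.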




Rungel

My internet connection seems to be much better this morning, so a lot of it was Charter. But it's always good to get this checked out once in a while. Thank you all, and if there are any other recommendations I would like to hear them.

Bill-



LoPhatPhuud

reply to Rungel

The logs are clean. Glad to hear your system is performing better.

Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete AdwCleaner:
  • Double click the AdwCleaner icon on your Desktop
  • Press the 'Uninstall' button

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL Cleanup procedure, we will provide separate removal instructions.
