Welcome to GeekPolice!
Homeslow pc
Page 2 of 3 • 
1, 2, 3 
- Superdave
Security Officer
-
OS : Windows 8.1 and a dual-boot with XP Home SP3
Anti-Malware : MSE, Windows Defender, Windows firewall
Posts : 4253
Rubies : 61713
Likes : 28 
Superdave on 19th August 2014, 10:53 pm
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the
button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the
button.•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
•Check
•Click the
button.•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.•Push the
button.•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
- Denny978
Intermediate
-
OS : windows xp
Posts : 133
Rubies : 4817
Likes : 0 -
Denny978 on 23rd August 2014, 3:07 am
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\supporter\Supporter_x64.dll.vir a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3311873\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\Chrome\CT3311873\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\Chrome\CT3311873\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijfdbekpkjfjnpgckjffjdneiabdnnn\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijfdbekpkjfjnpgckjffjdneiabdnnn\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\NativeMessaging\CT3311873\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\Extensions\{4d1c06bd-ec83-4ad6-ada2-877ebcaaad2e}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\1999\EverQuest99\dsetup.dll probably a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\supporter\Supporter_x64.dll.vir a variant of Win64/SProtector.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3311873\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\Chrome\CT3311873\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Conduit\Chrome\CT3311873\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijfdbekpkjfjnpgckjffjdneiabdnnn\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijfdbekpkjfjnpgckjffjdneiabdnnn\10.23.0.722_0\TBHostSupport\TBHostSupport.dll.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Local\NativeMessaging\CT3311873\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\Extensions\{4d1c06bd-ec83-4ad6-ada2-877ebcaaad2e}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Program Files (x86)\1999\EverQuest99\dsetup.dll probably a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan cleaned by deleting - quarantined
- SuperdaveSecurity Officer
-
OS : Windows 8.1 and a dual-boot with XP Home SP3
Anti-Malware : MSE, Windows Defender, Windows firewall
Posts : 4253
Rubies : 61713
Likes : 28 -
Superdave on 24th August 2014, 6:48 pm
Please run MBAM again and post the log if anything shows up.
StartupLite
Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
******************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1
Link 2
Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
StartupLite
Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
******************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1
Link 2
Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
- Denny978Intermediate
-
OS : windows xp
Posts : 133
Rubies : 4817
Likes : 0 -
Denny978 on 24th August 2014, 8:14 pm
mbam ran with no detections
ComboFix 14-08-24.01 - dennis 08/24/2014 16:02:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6085 [GMT -4:00]
Running from: c:\users\dennis\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\bootstrap.js
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\chrome.manifest
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\content\bg.js
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\install.rdf
c:\users\dennis\GoToAssistDownloadHelper.exe
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
.
.
((((((((((((((((((((((((( Files Created from 2014-07-24 to 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 20:09 . 2014-08-24 20:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-24 20:09 . 2014-08-24 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 06:25 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9FD5A7C-34A6-45D9-9E64-06DD49309C80}\mpengine.dll
2014-08-23 23:00 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-21 04:13 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-21 04:13 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-21 04:13 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-21 04:13 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 04:13 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-21 04:13 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-21 04:13 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-21 04:13 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-21 04:13 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 04:13 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 04:12 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 04:12 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-21 04:12 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 04:12 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-19 01:33 . 2014-08-19 01:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-18 22:21 . 2014-08-18 22:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F689A8D-2D6B-4EFA-8E8E-7143104BC1AE}\gapaengine.dll
2014-08-18 22:20 . 2014-08-18 22:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-18 22:20 . 2014-08-18 22:20 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-17 01:24 . 2014-08-17 01:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-17 01:23 . 2014-08-17 01:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-17 01:23 . 2014-08-17 01:23 -------- d-----w- c:\program files (x86)\Java
2014-08-17 01:19 . 2014-08-17 01:19 0 ----a-w- c:\windows\SysWow64\REN4D98.tmp
2014-08-17 01:19 . 2014-08-17 01:19 0 ----a-w- c:\windows\SysWow64\REN4D97.tmp
2014-08-17 01:09 . 2014-08-17 01:09 -------- d-sh--w- c:\users\dennis\AppData\Local\EmieUserList
2014-08-17 01:09 . 2014-08-17 01:09 -------- d-sh--w- c:\users\dennis\AppData\Local\EmieSiteList
2014-08-17 01:00 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-16 13:41 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 13:41 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 13:41 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 13:41 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 13:41 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 13:41 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 13:41 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 13:41 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 21:55 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBC725F-E2B4-41D8-B4DF-434B90AFDCEA}\mpengine.dll
2014-08-15 21:51 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-15 21:51 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-15 21:49 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 21:49 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-15 21:49 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 21:49 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-12 19:22 . 2014-08-24 19:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 19:22 . 2014-08-19 01:33 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 19:22 . 2014-08-12 19:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-12 19:22 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\dennis\AppData\Local\Packages
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\programdata\8e65297905558e80
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\HomeGroupUser$
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\Guest
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\dennis\AppData\Local\Comodo
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 13:46 . 2010-12-23 11:20 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-12 14:36 . 2012-04-18 00:28 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-12 14:36 . 2011-08-11 16:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 14:36 . 2014-07-12 14:36 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18 . 2014-07-12 13:40 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-12 13:40 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-12 13:40 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-12 13:40 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-12 13:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-12 13:40 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-12 13:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-12 13:40 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-03 02:27 . 2014-06-03 02:27 0 ----a-w- c:\windows\SysWow64\RENDBB.tmp
2014-06-03 02:27 . 2014-06-03 02:27 0 ----a-w- c:\windows\SysWow64\RENDBA.tmp
2014-05-30 08:08 . 2014-07-12 13:40 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-12 13:40 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-12 13:40 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-12 13:40 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-12 13:40 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-12 13:40 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-12 13:40 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-12 13:40 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-12 13:40 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-12 13:40 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-12 13:40 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-12 13:40 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-12 13:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-12 13:40 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-12 13:40 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 11:32 . 2014-05-29 11:32 80384 ----a-w- c:\windows\system32\RazerCoinstaller.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:36]
.
2014-07-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2014-08-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-24 16:12:05
ComboFix-quarantined-files.txt 2014-08-24 20:12
ComboFix2.txt 2011-12-03 18:50
.
Pre-Run: 50,380,009,472 bytes free
Post-Run: 50,478,338,048 bytes free
.
- - End Of File - - 54D5E29A0CBB386B8B53E18F67831381
ComboFix 14-08-24.01 - dennis 08/24/2014 16:02:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6085 [GMT -4:00]
Running from: c:\users\dennis\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\dennis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\dennis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\bootstrap.js
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\chrome.manifest
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\content\bg.js
c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\extensions\1m2nusfj@jpiszxzqg.edu\install.rdf
c:\users\dennis\GoToAssistDownloadHelper.exe
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkmcapidjlfedeminljjkcodjbhkofmo\2.0\w4.js
.
.
((((((((((((((((((((((((( Files Created from 2014-07-24 to 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 20:09 . 2014-08-24 20:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-24 20:09 . 2014-08-24 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 06:25 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9FD5A7C-34A6-45D9-9E64-06DD49309C80}\mpengine.dll
2014-08-23 23:00 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-21 04:13 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-21 04:13 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-21 04:13 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-21 04:13 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 04:13 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-21 04:13 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-21 04:13 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-21 04:13 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-21 04:13 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 04:13 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 04:12 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 04:12 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-21 04:12 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 04:12 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-19 01:33 . 2014-08-19 01:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-18 22:21 . 2014-08-18 22:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F689A8D-2D6B-4EFA-8E8E-7143104BC1AE}\gapaengine.dll
2014-08-18 22:20 . 2014-08-18 22:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-18 22:20 . 2014-08-18 22:20 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-17 01:24 . 2014-08-17 01:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-17 01:23 . 2014-08-17 01:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-17 01:23 . 2014-08-17 01:23 -------- d-----w- c:\program files (x86)\Java
2014-08-17 01:19 . 2014-08-17 01:19 0 ----a-w- c:\windows\SysWow64\REN4D98.tmp
2014-08-17 01:19 . 2014-08-17 01:19 0 ----a-w- c:\windows\SysWow64\REN4D97.tmp
2014-08-17 01:09 . 2014-08-17 01:09 -------- d-sh--w- c:\users\dennis\AppData\Local\EmieUserList
2014-08-17 01:09 . 2014-08-17 01:09 -------- d-sh--w- c:\users\dennis\AppData\Local\EmieSiteList
2014-08-17 01:00 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-16 13:41 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 13:41 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-16 13:41 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 13:41 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-16 13:41 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 13:41 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-16 13:41 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 13:41 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 21:55 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBC725F-E2B4-41D8-B4DF-434B90AFDCEA}\mpengine.dll
2014-08-15 21:51 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-15 21:51 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-15 21:49 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 21:49 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-15 21:49 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-15 21:49 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-12 19:22 . 2014-08-24 19:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 19:22 . 2014-08-19 01:33 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 19:22 . 2014-08-12 19:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-12 19:22 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\dennis\AppData\Local\Packages
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\programdata\8e65297905558e80
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\HomeGroupUser$
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\Guest
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\dennis\AppData\Local\Comodo
2014-08-12 01:57 . 2014-08-12 01:57 -------- d-----w- c:\users\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 13:46 . 2010-12-23 11:20 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-12 14:36 . 2012-04-18 00:28 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-12 14:36 . 2011-08-11 16:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 14:36 . 2014-07-12 14:36 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18 . 2014-07-12 13:40 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-12 13:40 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-12 13:40 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-12 13:40 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-12 13:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-12 13:40 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-12 13:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-12 13:40 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-03 02:27 . 2014-06-03 02:27 0 ----a-w- c:\windows\SysWow64\RENDBB.tmp
2014-06-03 02:27 . 2014-06-03 02:27 0 ----a-w- c:\windows\SysWow64\RENDBA.tmp
2014-05-30 08:08 . 2014-07-12 13:40 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-12 13:40 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-12 13:40 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-12 13:40 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-12 13:40 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-12 13:40 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-12 13:40 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-12 13:40 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-12 13:40 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-12 13:40 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-12 13:40 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-12 13:40 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-12 13:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-12 13:40 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-12 13:40 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-29 11:32 . 2014-05-29 11:32 80384 ----a-w- c:\windows\system32\RazerCoinstaller.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys;c:\windows\SYSNATIVE\drivers\dadder.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 14:36]
.
2014-07-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2014-08-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-24 16:12:05
ComboFix-quarantined-files.txt 2014-08-24 20:12
ComboFix2.txt 2011-12-03 18:50
.
Pre-Run: 50,380,009,472 bytes free
Post-Run: 50,478,338,048 bytes free
.
- - End Of File - - 54D5E29A0CBB386B8B53E18F67831381
- SuperdaveSecurity Officer
-
OS : Windows 8.1 and a dual-boot with XP Home SP3
Anti-Malware : MSE, Windows Defender, Windows firewall
Posts : 4253
Rubies : 61713
Likes : 28 -
Superdave on 24th August 2014, 10:46 pm
Is there any change in your computer?
Download DDS from HERE or HERE and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
Let me take a look at what you have and we'll go from there.Is there any type of guide i can use to get the most out of my computer? What programs i should delete and such. I use it mostly for games and videos..
Download DDS from HERE or HERE and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
- Denny978Intermediate
-
OS : windows xp
Posts : 133
Rubies : 4817
Likes : 0 -
Denny978 on 24th August 2014, 11:18 pm
Still take about 5 mins to boot and be able to click a program and have it start right away. The advertisements i can mouse over on random words in my browser are gone along with no popup tabs.
- Denny978Intermediate
-
OS : windows xp
Posts : 133
Rubies : 4817
Likes : 0 -
Denny978 on 24th August 2014, 11:20 pm
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 11.11.2
Run by dennis at 19:19:11 on 2014-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4524 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B455121E-B7AE-4084-88FE-2E5FFD14248E} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-15 55280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-31 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-31 21007192]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-15 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-24 411936]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-30 2666880]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-12-15 47672]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-15 321064]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-31 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-31 40392]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-7 113664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-12-15 226616]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-20 49152]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 350792]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-24 22:06:27 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-24 20:12:09 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-24 19:59:40 98816 ----a-w- C:\Windows\sed.exe
2014-08-24 19:59:40 256000 ----a-w- C:\Windows\PEV.exe
2014-08-24 19:59:40 208896 ----a-w- C:\Windows\MBR.exe
2014-08-24 06:25:41 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9FD5A7C-34A6-45D9-9E64-06DD49309C80}\mpengine.dll
2014-08-23 23:00:03 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-21 04:13:19 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-21 04:13:00 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-21 04:13:00 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 04:12:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-21 04:12:43 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-21 04:12:43 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-21 04:12:43 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-19 01:33:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 22:21:46 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F689A8D-2D6B-4EFA-8E8E-7143104BC1AE}\gapaengine.dll
2014-08-18 22:20:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-08-18 22:20:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-08-17 01:23:51 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-17 01:19:03 0 ----a-w- C:\Windows\SysWow64\REN4D98.tmp
2014-08-17 01:19:03 0 ----a-w- C:\Windows\SysWow64\REN4D97.tmp
2014-08-17 01:09:49 -------- d-sh--w- C:\Users\dennis\AppData\Local\EmieUserList
2014-08-17 01:09:49 -------- d-sh--w- C:\Users\dennis\AppData\Local\EmieSiteList
2014-08-17 01:00:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-16 13:41:34 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-16 13:41:34 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-16 13:41:33 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-16 13:41:33 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-16 13:41:33 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-16 13:41:33 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-16 13:41:17 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 13:41:17 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 21:55:54 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3EBC725F-E2B4-41D8-B4DF-434B90AFDCEA}\mpengine.dll
2014-08-15 21:51:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-15 21:51:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-15 21:49:50 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 21:49:50 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 21:49:47 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 21:49:46 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-12 19:22:43 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 19:22:29 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-12 19:22:29 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-12 19:22:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 01:57:11 -------- d-----w- C:\Users\dennis\AppData\Local\Packages
2014-08-12 01:57:11 -------- d-----w- C:\ProgramData\8e65297905558e80
2014-08-12 01:57:08 -------- d-----w- C:\Users\dennis\AppData\Local\Comodo
.
==================== Find3M ====================
.
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-12 14:36:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 14:36:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-12 14:36:03 11204096 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-06-03 02:27:47 0 ----a-w- C:\Windows\SysWow64\RENDBB.tmp
2014-06-03 02:27:47 0 ----a-w- C:\Windows\SysWow64\RENDBA.tmp
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-29 11:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
.
============= FINISH: 19:19:36.75 ===============
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 11.11.2
Run by dennis at 19:19:11 on 2014-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4524 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B455121E-B7AE-4084-88FE-2E5FFD14248E} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\rlyanaob.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-15 55280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-31 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-31 21007192]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-15 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-24 411936]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-30 2666880]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-12-15 47672]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-15 321064]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-31 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-31 40392]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-7 113664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-12-15 226616]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-20 49152]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 350792]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-24 22:06:27 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-24 20:12:09 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-24 19:59:40 98816 ----a-w- C:\Windows\sed.exe
2014-08-24 19:59:40 256000 ----a-w- C:\Windows\PEV.exe
2014-08-24 19:59:40 208896 ----a-w- C:\Windows\MBR.exe
2014-08-24 06:25:41 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9FD5A7C-34A6-45D9-9E64-06DD49309C80}\mpengine.dll
2014-08-23 23:00:03 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-21 04:13:19 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-21 04:13:00 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-21 04:13:00 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-21 04:12:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-21 04:12:43 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-21 04:12:43 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-21 04:12:43 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-19 01:33:54 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 22:21:46 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F689A8D-2D6B-4EFA-8E8E-7143104BC1AE}\gapaengine.dll
2014-08-18 22:20:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-08-18 22:20:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-08-17 01:23:51 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-17 01:19:03 0 ----a-w- C:\Windows\SysWow64\REN4D98.tmp
2014-08-17 01:19:03 0 ----a-w- C:\Windows\SysWow64\REN4D97.tmp
2014-08-17 01:09:49 -------- d-sh--w- C:\Users\dennis\AppData\Local\EmieUserList
2014-08-17 01:09:49 -------- d-sh--w- C:\Users\dennis\AppData\Local\EmieSiteList
2014-08-17 01:00:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-16 13:41:34 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-16 13:41:34 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-16 13:41:33 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-16 13:41:33 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-16 13:41:33 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-16 13:41:33 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-16 13:41:17 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 13:41:17 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 21:55:54 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3EBC725F-E2B4-41D8-B4DF-434B90AFDCEA}\mpengine.dll
2014-08-15 21:51:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-15 21:51:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-15 21:49:50 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 21:49:50 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 21:49:47 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 21:49:46 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-12 19:22:43 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-12 19:22:29 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-12 19:22:29 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-12 19:22:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 01:57:11 -------- d-----w- C:\Users\dennis\AppData\Local\Packages
2014-08-12 01:57:11 -------- d-----w- C:\ProgramData\8e65297905558e80
2014-08-12 01:57:08 -------- d-----w- C:\Users\dennis\AppData\Local\Comodo
.
==================== Find3M ====================
.
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-12 14:36:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 14:36:06 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-12 14:36:03 11204096 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-06-03 02:27:47 0 ----a-w- C:\Windows\SysWow64\RENDBB.tmp
2014-06-03 02:27:47 0 ----a-w- C:\Windows\SysWow64\RENDBA.tmp
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-29 11:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
.
============= FINISH: 19:19:36.75 ===============
Page 2 of 3 • 1, 2, 3
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 2 of 3
Permissions in this forum:
You can reply to topics in this forum
