computer crash [Solved]


  • This topic is locked
120 replies to this topic

#16 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 11 May 2014 - 06:56 AM

I have no clue. The only reason I found out about the other network is because Avast popped up a message informing me of it. How do I find out? Something turned off my virus scan in the last couple hours too.



#17 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 11 May 2014 - 12:29 PM

I've done some checking with AVAST!. I'm told that when you first installed AVAST! you should have been told that a "new" network had been found. This network would be "new" to AVAST! as at that point it wouldn't know anything about any network. This would have been your normal network. Are you sure that it said it found "another" network?

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FUIAQW27\co[1].htm
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#18 wilma1313


Posted 12 May 2014 - 04:49 AM

How do I figure that out?

#19 wilma1313


Posted 14 May 2014 - 04:49 AM

I wrote down everything that day so reasonably sure it said another, however, I do not remember new network found message so ... ? I also installed AVAST in the past and never got a message like that. I still don't really understand the purple.wi.rr.com either but ok.

I am in the last week of my clinical rotations for school. It may take me a day or two to follow the above instructions. Thanks so much for the help. Sorry I am a little slow. "working" 10 hour days for school at the moment.

#20 Tomk


Posted 14 May 2014 - 07:08 AM

Did your ISP set up your router?



#21 wilma1313


Posted 17 May 2014 - 07:19 AM

My Husband set up the router...

Graduation day - I'm pretty much gone for the rest of today/tonight. Sadly 2 days of internship still remain next week even though we graduate.

Here is the ComboFix log. Thanks for your help


ComboFix 14-05-16.01 - l 05/17/2014   8:08.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.12207.10199 [GMT -5:00]
Running from: c:\users\l\Desktop\ComboFix.exe
Command switches used :: c:\users\l\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FUIAQW27\co[1].htm"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5DDEBEC6-3CB6-4110-BCD1-857EE0CA83BC}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{823BFF20-B57D-4964-BF37-0B348C40EB48}.xps
.
.
Completion time: 2014-05-17  08:14:42
ComboFix-quarantined-files.txt  2014-05-17 13:14
ComboFix2.txt  2014-04-30 21:33
.
Pre-Run: 1,926,430,457,856 bytes free
Post-Run: 1,926,597,906,432 bytes free
.
- - End Of File - - 36DD34863DBCD78F459BD96FC8FD895A
5FB38429D5D77768867C76DCBDB35194



#22 wilma1313


Posted 17 May 2014 - 07:59 AM

Hi, I am having extremely slow internet now and every time I leave a page a box pops up telling me I am leaving a secure internet connection and I have to click it to move. This was not the case prior to combofix this morn. Malwarebytes will not run either, but I had installed it sometime last week and never tried to run it before a few minutes ago so don't know what its status was prior to this morning.

Edited by wilma1313, 17 May 2014 - 08:01 AM.


#23 Tomk


Posted 17 May 2014 - 07:46 PM

The warning about leaving a secure web page is normal. Perhaps you had shut it off and the "cookie" that remembered that was erased when we cleared the temp files. Is there a little box at the bottom of the warning that says something like "click here to not see this warning again"?

Also, it appears I've been remiss in pointing out that you have two anti-virus programs. AVAST! and Microsoft Defender. Running two anti-virus programs will cause a variety of problems... including making neither one work effectively. Please uninstall one of them. Once you have done that... reboot the system and let me know how things seem.



#24 wilma1313


Posted 21 May 2014 - 06:41 PM

I don't know how that warning is normal every new page I go to? It had not been warning me every page ever before. I turned off the warning, but that doesn't really solve what was causing it to be so overactive.

Miro ( I no longer am able to type te letter see or some oters? Mirosoft defender I did not install and do not sow it on a list to uninstall. Tis omputer is now so slow and awful tat I am srewed. 4 papers due tonigt and no possible way to turn tem in or type tem up.

ELP!!!please.

#25 Tomk


Posted 21 May 2014 - 06:54 PM

Windows Defender comes on your computer pre-installed with Windows 8. AVAST! should have shut it off when you installed AVAST!.

 

We need to get you usable to finish your papers (obviously).  Let's try a quick fix and see if it gets you going again.

 

 

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    RGKRScan.png
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    RGKRDelete.png
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
 
 
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#26 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • 386 posts

Posted 22 May 2014 - 07:01 AM

Hi thanks. I ended up doing all 4 papers on my phone and got them in by midnight. I am now done so at least nothing critical needs to be done anymore on the computer, though it would be helpful for studying for my boards. Thanks for all your help.

I have all my letters back thankfully so my typing makes better sense today.

Rogue would not do the shortcuts fix. A message popped up saying insert something in my e drive. I had no clue what that is. It did generate 2 logs, which follow. It appears there are 4 quarantined files at this point.

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : l [Admin rights]
Mode : Scan -- Date : 05/22/2014 07:41:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-1CH164 +++++
--- User ---
[MBR] fb2c3fc65261573874936bf2118697dc
[BSP] dcfc9110a497e768fae04a96b60f49a8 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- MS/MS-PRO USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- xD-Picture USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05222014_074108.txt >>


RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : l [Admin rights]
Mode : Remove -- Date : 05/22/2014 07:49:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

#27 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 22 May 2014 - 11:24 AM

Don't worry about the E drive warning.  It looks like it was trying to check your thumbdrive (that wasn't installed) for a valid MBR code.  It shouldn't have one and the system won't use it even if it did.

 

RogueKiller didn't find anything important so I'm not sure what was up with your letters when typing.

 

Let's get a new set of DDS logs to see what is currently happening before we mess around any more.  Please post both logs just like you did in the initial post.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
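To see at a glance what a RogueKiller Remove run did with each item from the Scan run, the registry lines of the two reports can be paired up. This is an added example, not part of the original thread or of RogueKiller; the eight entry lines are copied from the two reports posted above, and the outcome labels (`removed`, `reset`, `error`) are names chosen here.

```python
import re

# "[TAG][TAG] <key> : <value name> (<data>) -> <result>"
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)\s+"
    r"\((?P<data>[^)]*)\)\s+->\s+(?P<result>.+)$"
)
# A failed action is reported as "[0x<code>] <system error text>".
ERROR_RE = re.compile(r"^\[(0x[0-9A-Fa-f]+)\]\s*(.*)$")

# Registry lines copied from the Scan report in this thread.
SCAN_REPORT = r"""
Mode : Scan -- Date : 05/22/2014 07:41:08
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Registry lines copied from the Remove report in this thread.
REMOVE_REPORT = r"""
Mode : Remove -- Date : 05/22/2014 07:49:55
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""


def parse_entries(text):
    """Map (key, value name) -> parsed fields for every registry entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, section banners and blank lines
        entries[(m["key"], m["value"])] = {
            "tags": re.findall(r"\[([^\]]+)\]", m["tags"]),
            "data": m["data"],
            "result": m["result"].strip(),
        }
    return entries


def classify(result):
    """Turn the text after '->' into (outcome, error_code)."""
    if result == "FOUND":
        return "found", None
    if result == "DELETED":
        return "removed", None
    if result.startswith("REPLACED"):
        return "reset", None
    err = ERROR_RE.match(result)
    if err:
        return "error", err.group(1)
    return "unknown", None


def reconcile(scan_text, remove_text):
    """For each item the scan found, report what the remove run did with it."""
    removed = parse_entries(remove_text)
    rows = []
    for (key, value), scan in parse_entries(scan_text).items():
        after = removed.get((key, value))
        outcome, code = classify(after["result"]) if after else ("not-in-remove-report", None)
        rows.append({"key": key, "value": value, "tags": scan["tags"],
                     "outcome": outcome, "error_code": code})
    return rows


def unresolved(rows):
    """Items that were found but neither removed nor reset."""
    return [r for r in rows if r["outcome"] not in ("removed", "reset")]


if __name__ == "__main__":
    for row in reconcile(SCAN_REPORT, REMOVE_REPORT):
        print(f'{row["outcome"]:<8} {row["error_code"] or "":<5} {row["key"]} : {row["value"]}')
```
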
 

#28 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • 386 posts

Posted 24 May 2014 - 08:31 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 4/19/2014 10:14:05 AM
System Uptime: 5/21/2014 7:53:39 PM (43 hours ago)
.
Motherboard: Hewlett-Packard | | 2AF3
Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1844 GiB total, 1787.511 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.234 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP8: 5/12/2014 3:00:08 AM - Windows Modules Installer
RP9: 5/12/2014 3:00:22 AM - Windows Update
RP10: 5/17/2014 8:07:38 AM - ComboFix created restore point
RP11: 5/21/2014 10:31:50 AM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Airport Mania
avast! Internet Security
Azteca
Bejeweled 3
Bonjour
Bounce Symphony
Build-a-lot
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
Curse at Twilight
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
Delicious: Emily's Childhood Memories Premium Edition
DisableMSDefender
Dropbox
ESET Online Scanner v3
Farm Frenzy
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.2.3
House of 1000 Doors: Family Secrets
HP Connected Music (Meridian - installer)
HP Customer Experience Enhancements
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Registration Service
HP Support Assistant
HP Support Information
IDT Audio
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
Luxor Evolved
Mah Jong Medley
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Peggle Nights
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Recovery Manager
Roads of Rome 3
Royal Envoy 2 Collector's Edition
Tales of Lagoona
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
5/23/2014 11:45:01 AM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: The specified procedure could not be found.
5/22/2014 2:59:44 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
5/21/2014 7:55:03 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
5/21/2014 7:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
5/21/2014 7:54:47 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2014 7:53:43 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
5/21/2014 12:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
5/17/2014 8:13:05 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/17/2014 8:12:37 AM, Error: Application Popup [1060] -
5/17/2014 7:48:03 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/17/2014 7:39:02 AM, Error: Service Control Manager [7000] - The Sensor Monitoring Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2014 7:38:37 AM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2014 7:38:01 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2014 7:37:03 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by l at 14:15:35 on 2014-05-23
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.12207.10018 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\dashost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe

#29 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 25 May 2014 - 09:14 PM

That is only a piece of the DDS log.  Would you please try posting again?


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#30 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • 386 posts

Posted 26 May 2014 - 08:37 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by l at 14:15:35 on 2014-05-23
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.12207.10018 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\dashost.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\windows\system32\printfilterpipelinesvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{63F6AE22-B6DD-4476-A864-3652DE675725} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D9443B57-4010-4CB8-8171-44BCB8CF3513} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\Drivers\aswndisflt.sys [2014-5-4 447888]
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2014-5-4 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2014-5-4 208416]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-4-30 677360]
R1 aswKbd;aswKbd;C:\windows\System32\Drivers\aswKbd.sys [2014-5-4 28184]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2014-5-4 1039096]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2014-5-4 423240]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-7-17 92536]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2014-5-4 79184]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2014-5-4 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-4 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-5-4 109048]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-5-4 2211000]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-17 129336]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-17 167736]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\windows\System32\Drivers\IvtUrbBtFlt.sys [2013-3-25 49584]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-5-17 25816]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\windows\System32\Drivers\rtbth.sys [2013-12-2 1204424]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-19 772680]
S2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-5-4 29208]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-17 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-17 857912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-17 169752]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-1-28 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\Drivers\MBAMSwissArmy.sys [2014-5-17 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2014-5-17 63192]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-22 21:32:48 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-22 13:01:46 -------- d-----w- C:\Users\l\AppData\Local\CrashDumps
2014-05-21 16:15:27 1933312 ----a-w- C:\windows\System32\wbem\cimwin32.dll
2014-05-21 16:12:38 888320 ----a-w- C:\windows\System32\autochk.exe
2014-05-21 16:10:57 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-05-21 16:08:56 3552768 ----a-w- C:\windows\System32\tquery.dll
2014-05-21 16:05:28 652288 ----a-w- C:\windows\System32\comctl32.dll
2014-05-21 16:05:27 541696 ----a-w- C:\windows\SysWow64\comctl32.dll
2014-05-21 16:03:17 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2014-05-21 16:03:17 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-05-21 16:03:17 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-05-21 16:03:16 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2014-05-21 16:03:16 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-05-21 16:03:16 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-05-21 16:03:16 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2014-05-21 16:02:54 62976 ----a-w- C:\windows\System32\imagehlp.dll
2014-05-21 16:02:54 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-05-21 15:58:21 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2014-05-21 15:58:21 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2014-05-21 15:58:21 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2014-05-21 15:58:21 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2014-05-21 15:58:19 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2014-05-21 15:56:46 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2014-05-21 15:56:36 2371728 ----a-w- C:\windows\System32\WSService.dll
2014-05-21 15:56:34 204800 ----a-w- C:\windows\System32\WSClient.dll
2014-05-21 15:56:32 81408 ----a-w- C:\windows\System32\setupcln.dll
2014-05-21 15:56:32 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2014-05-21 15:56:31 120320 ----a-w- C:\windows\System32\sppc.dll
2014-05-21 15:56:31 1164288 ----a-w- C:\windows\System32\sppobjs.dll
2014-05-21 15:56:28 368640 ----a-w- C:\windows\System32\sppwinob.dll
2014-05-21 15:56:28 183808 ----a-w- C:\windows\System32\WSSync.dll
2014-05-21 15:56:27 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2014-05-21 15:55:23 1419264 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-05-21 15:55:21 1845248 ----a-w- C:\windows\System32\msxml3.dll
2014-05-21 15:55:19 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2014-05-21 15:42:04 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-21 15:42:02 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-21 15:40:59 439808 ----a-w- C:\windows\System32\lsm.dll
2014-05-21 15:31:03 1300992 ----a-w- C:\windows\System32\gdi32.dll
2014-05-21 15:31:03 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-05-21 15:29:59 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BD6D99F-127A-4C60-B25F-0D402985F0DA}\mpengine.dll
2014-05-21 15:29:58 600064 ----a-w- C:\windows\System32\vbscript.dll
2014-05-21 15:29:58 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-21 15:22:31 621568 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-05-21 15:22:31 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2014-05-21 15:22:31 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2014-05-21 15:22:31 215040 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2014-05-21 15:22:31 1120768 ----a-w- C:\windows\System32\gpedit.dll
2014-05-21 15:22:30 78336 ----a-w- C:\windows\System32\drivers\IPMIDrv.sys
2014-05-21 15:22:30 1075200 ----a-w- C:\windows\SysWow64\gpedit.dll
2014-05-17 13:14:49 -------- d-s---w- C:\$RECYCLE.BIN
2014-05-17 13:14:44 -------- d-----w- C:\Users\l\AppData\Local\temp
2014-05-17 13:08:47 1031560 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBFDA6F8-C9CE-4B93-95AC-772234B75B61}\gapaengine.dll
2014-05-17 13:08:06 10651704 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-17 12:37:03 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-17 12:36:21 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-05-17 12:36:21 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-05-17 12:36:21 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-17 12:36:20 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-17 12:36:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-13 00:18:30 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-13 00:16:54 -------- d-----w- C:\Users\l\AppData\Roaming\hpqLog
2014-05-12 09:07:33 693760 ----a-w- C:\windows\System32\WSShared.dll
2014-05-12 09:07:33 628024 ----a-w- C:\windows\System32\NotificationUI.exe
2014-05-12 09:07:32 566784 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-05-12 09:07:32 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-12 09:07:32 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-12 09:04:40 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2014-05-12 09:04:40 54488 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2014-05-12 07:59:47 25600 ----a-w- C:\windows\System32\drivers\usbprint.sys
2014-05-12 06:18:45 99328 ----a-w- C:\windows\System32\drivers\usbcir.sys
2014-05-12 02:23:57 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-05-12 02:23:56 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-05-12 02:20:15 1890816 ----a-w- C:\windows\System32\crypt32.dll
2014-05-12 02:20:14 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-05-12 01:42:55 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-05-12 01:42:55 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2014-05-12 00:37:18 4036608 ----a-w- C:\windows\System32\win32k.sys
2014-05-11 19:08:59 1255936 ----a-w- C:\windows\System32\certutil.exe
2014-05-11 19:08:59 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2014-05-11 19:08:58 141312 ----a-w- C:\windows\System32\cryptnet.dll
2014-05-11 19:08:58 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2014-05-11 12:58:35 -------- d-----w- C:\Users\l\AppData\Local\Programs
2014-05-11 12:55:40 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-05-11 08:20:38 893952 ----a-w- C:\windows\SysWow64\msctf.dll
2014-05-11 08:16:59 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2014-05-11 08:14:14 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2014-05-11 08:14:14 46080 ----a-w- C:\windows\System32\atmlib.dll
2014-05-11 08:14:14 362496 ----a-w- C:\windows\System32\atmfd.dll
2014-05-11 08:14:14 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2014-05-11 08:14:14 32768 ----a-w- C:\windows\System32\drivers\hidparse.sys
2014-05-11 08:14:14 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2014-05-11 08:14:14 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2014-05-11 08:10:45 79192 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-05-11 08:10:45 623448 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-05-11 08:10:45 498008 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-05-11 08:10:45 32256 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-05-11 08:10:45 21848 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-05-11 08:10:45 120832 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-05-11 08:10:31 566784 ----a-w- C:\windows\System32\wvc.dll
2014-05-11 08:10:31 462336 ----a-w- C:\windows\System32\sysmon.ocx
2014-05-11 08:10:31 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2014-05-11 08:10:31 1374208 ----a-w- C:\windows\System32\wdc.dll
2014-05-11 08:10:31 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2014-05-11 08:10:30 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2014-05-11 08:10:08 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
2014-05-11 08:07:02 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2014-05-11 08:07:02 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2014-05-11 08:07:02 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2014-05-11 08:07:00 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2014-05-11 08:07:00 337408 ----a-w- C:\windows\System32\wintrust.dll
2014-05-11 08:06:59 98304 ----a-w- C:\windows\System32\apprepsync.dll
2014-05-11 08:06:59 124416 ----a-w- C:\windows\System32\apprepapi.dll
2014-05-11 08:06:45 337752 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2014-05-11 08:06:45 213336 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2014-05-11 08:06:36 2032640 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-05-11 08:06:35 3288576 ----a-w- C:\windows\SysWow64\d2d1.dll
2014-05-11 08:06:35 2238976 ----a-w- C:\windows\System32\d3d10warp.dll
2014-05-11 08:06:34 3842560 ----a-w- C:\windows\System32\d2d1.dll
2014-05-11 08:05:30 861184 ----a-w- C:\windows\System32\drivers\http.sys
2014-05-11 08:05:17 2062848 ----a-w- C:\windows\System32\d3d11.dll
2014-05-11 08:05:17 1711616 ----a-w- C:\windows\SysWow64\d3d11.dll
2014-05-11 08:05:14 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2014-05-11 08:05:13 2851840 ----a-w- C:\windows\System32\esent.dll
2014-05-11 08:05:04 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2014-05-11 08:05:03 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2014-05-11 08:03:26 25088 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2014-05-11 08:03:25 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2014-05-11 08:03:23 595968 ----a-w- C:\windows\System32\qedit.dll
2014-05-11 08:03:23 496640 ----a-w- C:\windows\SysWow64\qedit.dll
2014-05-11 08:03:11 1628160 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-05-11 08:03:11 1339392 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-05-11 08:03:09 288768 ----a-w- C:\windows\System32\drivers\portcls.sys
2014-05-11 08:02:53 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2014-05-11 08:02:53 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2014-05-11 08:01:53 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2014-05-11 08:01:53 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-05-11 08:01:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2014-05-11 08:01:52 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2014-05-11 08:01:52 2304512 ----a-w- C:\windows\System32\authui.dll
2014-05-11 08:01:52 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2014-05-11 08:01:52 10116608 ----a-w- C:\windows\System32\twinui.dll
2014-05-10 14:17:22 26624 ----a-w- C:\windows\System32\ReAgentc.exe
2014-05-10 14:17:22 24064 ----a-w- C:\windows\SysWow64\ReAgentc.exe
2014-05-08 14:44:31 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-04 21:44:24 -------- d-----w- C:\Users\l\AppData\Roaming\DropboxMaster
2014-05-04 21:41:27 -------- d-----w- C:\Users\l\AppData\Roaming\Dropbox
2014-05-04 21:28:48 -------- d-----w- C:\Users\l\Intel
2014-05-04 21:28:37 -------- d-----w- C:\Users\l\AppData\Roaming\WinBatch
2014-05-04 21:23:30 -------- d-----w- C:\Users\l\AppData\Roaming\AVAST Software
2014-05-04 15:17:24 796760 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\srtsp64.sys
2014-05-04 15:17:24 493656 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\symds64.sys
2014-05-04 15:17:24 433752 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\symnets.sys
2014-05-04 15:17:24 36952 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\srtspx64.sys
2014-05-04 15:17:24 23448 ----a-r- C:\windows\System32\drivers\NISx64\1405000.01C\symelam.sys
2014-05-04 15:17:24 224416 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\ironx64.sys
2014-05-04 15:17:24 169048 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\ccsetx64.sys
2014-05-04 15:17:24 1139800 ----a-w- C:\windows\System32\drivers\NISx64\1405000.01C\symefa64.sys
2014-05-04 15:17:15 -------- d-----w- C:\windows\System32\drivers\NISx64\1405000.01C
2014-04-30 21:28:03 98816 ----a-w- C:\windows\sed.exe
2014-04-30 21:28:03 256000 ----a-w- C:\windows\PEV.exe
2014-04-30 21:28:03 208896 ----a-w- C:\windows\MBR.exe
2014-04-27 14:48:06 -------- d-----w- C:\Program Files (x86)\GUM570E.tmp
2014-04-27 14:28:02 -------- d-----w- C:\Users\l\AppData\Local\Microsoft Help
2014-04-27 14:23:31 -------- d-----w- C:\Program Files (x86)\GUMD585.tmp
2014-04-27 14:23:29 -------- d-----w- C:\Users\l\AppData\Local\Google
2014-04-27 14:22:59 -------- d-----w- C:\Users\l\AppData\Local\Deployment
2014-04-27 14:22:59 -------- d-----w- C:\Users\l\AppData\Local\Apps
2014-04-27 01:20:16 -------- d-----w- C:\windows\System32\drivers\NISx64\1404000.028
.
==================== Find3M ====================
.
2014-05-17 12:54:21 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-17 12:54:21 447888 ----a-w- C:\windows\System32\drivers\aswndisflt.sys
2014-05-17 12:54:21 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-12 08:27:52 199680 ----a-w- C:\windows\System32\cdd.dll
2014-05-04 21:19:42 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-05-04 21:19:42 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-04 21:19:42 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-04 21:19:42 43152 ----a-w- C:\windows\avastSS.scr
2014-05-04 21:19:42 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-04 21:19:42 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-04 21:19:41 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-05-01 20:37:50 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-04-12 09:27:03 172888 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31 578048 ----a-w- C:\windows\System32\winlogon.exe
2014-04-12 09:09:43 208896 ----a-w- C:\windows\System32\wdigest.dll
2014-04-12 09:09:39 1043968 ----a-w- C:\windows\System32\usercpl.dll
2014-04-12 09:09:34 94720 ----a-w- C:\windows\System32\TSpkg.dll
2014-04-12 09:09:19 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-04-12 09:08:37 318464 ----a-w- C:\windows\System32\msv1_0.dll
2014-04-12 09:08:17 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 09:08:10 827904 ----a-w- C:\windows\System32\kerberos.dll
2014-04-12 09:07:36 20480 ----a-w- C:\windows\System32\credssp.dll
2014-04-12 07:23:59 178688 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-04-12 07:23:52 961536 ----a-w- C:\windows\SysWow64\usercpl.dll
2014-04-12 07:23:49 76800 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-04-12 07:23:14 273920 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58 666624 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-04-12 07:22:33 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-04-12 06:58:06 14848 ----a-w- C:\windows\System32\workerdd.dll
2014-03-28 19:19:38 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-03-28 08:23:00 1287168 ----a-w- C:\windows\System32\schedsvc.dll
2014-03-23 22:11:52 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43 6987096 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-03-11 03:25:51 100184 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2014-03-11 00:41:51 559104 ----a-w- C:\windows\SysWow64\objsel.dll
2014-03-11 00:41:24 38400 ----a-w- C:\windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12 35840 ----a-w- C:\windows\System32\lsass.exe
2014-03-11 00:38:58 27648 ----a-w- C:\windows\System32\sspisrv.dll
2014-03-11 00:38:58 164864 ----a-w- C:\windows\System32\sspicli.dll
2014-03-11 00:38:53 419328 ----a-w- C:\windows\System32\schannel.dll
2014-03-11 00:38:47 684032 ----a-w- C:\windows\System32\objsel.dll
2014-03-11 00:38:31 982016 ----a-w- C:\windows\System32\KernelBase.dll
2014-03-11 00:38:23 45056 ----a-w- C:\windows\System32\dimsroam.dll
2014-03-11 00:38:23 179712 ----a-w- C:\windows\System32\dpapisrv.dll
2014-03-10 03:05:14 668160 ----a-w- C:\windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03 99840 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-03-07 00:48:11 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\windows\System32\jscript9.dll
2014-03-03 23:07:48 570216 ----a-w- C:\windows\System32\drivers\cng.sys
.
============= FINISH: 14:15:58.47 ===============
