Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Personal computer infected

Started by DSROTTI , Dec 01 2014 12:03 AM
paytordmbdekmizq.tankto decrypt instructions RSA-2048

  • Please log in to reply
3 replies to this topic

#1 DSROTTI

DSROTTI

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 01 December 2014 - 12:03 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by online (ATTENTION: The logged in user is not administrator) on ONLINE-PC on 30-11-2014 21:23:42
Running from C:\Users\online\Desktop
Loaded Profile: online (Available profiles: online & Installer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-03-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-09] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe [54072 2014-11-10] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\MountPoints2: H - H:\menu.exe
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\MountPoints2: {1dc2280d-a398-11e2-b074-50e549bd3a1d} - H:\iStudio.exe
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\...\MountPoints2: {5dd251d0-c16e-11e2-9f40-50e549bd3a1d} - H:\menu.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-1922939888-4021428619-278712268-1000\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibethel.tv/
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x230E179CC066CD01
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-1922939888-4021428619-278712268-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-12]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://startpage.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\online\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\online\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (RealDownloader) - C:\Users\online\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-13]
CHR Extension: (Google Wallet) - C:\Users\online\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-07] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-07] ()
S4 LMIRfsClientNP; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S1 SASDIFSV; \??\C:\Users\INSTAL~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\INSTAL~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 21:27 - 2014-11-30 21:29 - 02117120 _____ (Farbar) C:\Users\online\Downloads\FRST64 (1).exe
2014-11-30 21:23 - 2014-11-30 21:28 - 00017462 _____ () C:\Users\online\Desktop\FRST.txt
2014-11-27 00:33 - 2014-11-27 00:33 - 02117632 _____ (Farbar) C:\Users\online\Desktop\FRST64.exe
2014-11-27 00:32 - 2014-11-27 00:33 - 02117632 _____ (Farbar) C:\Users\online\Downloads\FRST64.exe
2014-11-27 00:08 - 2014-11-27 00:08 - 00006588 _____ () C:\Users\online\Desktop\startuplist.txt
2014-11-27 00:07 - 2014-11-27 00:07 - 00006588 _____ () C:\Users\online\Downloads\startuplist.txt
2014-11-27 00:04 - 2014-11-27 00:09 - 00010607 _____ () C:\Users\online\Desktop\hijackthis.log
2014-11-27 00:01 - 2014-11-27 00:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\online\Downloads\HiJackThis (3).exe
2014-11-26 23:49 - 2014-11-27 00:09 - 00010607 _____ () C:\Users\online\Downloads\hijackthis.log
2014-11-26 23:48 - 2014-11-26 23:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\online\Downloads\HiJackThis (2).exe
2014-11-26 23:48 - 2014-11-26 23:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\online\Downloads\HiJackThis (1).exe
2014-11-26 23:47 - 2014-11-26 23:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\online\Downloads\HiJackThis.exe
2014-11-21 19:03 - 2014-11-21 19:03 - 01077968 _____ (RealNetworks, Inc.) C:\Users\online\Downloads\RealPlayerCloud (1).exe
2014-11-21 19:01 - 2014-11-21 19:01 - 01077968 _____ (RealNetworks, Inc.) C:\Users\online\Downloads\RealPlayerCloud.exe
2014-11-21 18:50 - 2014-11-21 18:53 - 318337992 _____ () C:\Users\online\Downloads\Windows6.1-KB968211-x64-RefreshPkg.msu
2014-11-21 18:49 - 2014-11-21 18:51 - 291852366 _____ () C:\Users\online\Downloads\Windows6.1-KB968211-x86-RefreshPkg.msu
2014-11-20 19:51 - 2014-11-20 19:51 - 00000000 ____D () C:\Users\online\AppData\Local\CrashDumps
2014-11-18 16:10 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:10 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:10 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:10 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 22:15 - 2014-11-26 23:09 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 22:10 - 2014-11-16 22:10 - 00000906 __RSH () C:\Users\online\ntuser.pol
2014-11-16 22:07 - 2014-11-26 23:06 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 21:57 - 2014-11-16 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-11-16 21:57 - 2014-11-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-16 21:21 - 2014-11-16 21:53 - 00000000 ____D () C:\ComboFix
2014-11-16 21:21 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-16 21:21 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-16 21:21 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-16 21:21 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-16 21:21 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-16 21:21 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-16 21:21 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-16 21:21 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-16 21:20 - 2014-11-16 21:52 - 00000000 ____D () C:\Qoobox
2014-11-16 21:19 - 2014-11-16 21:51 - 00000000 ____D () C:\Windows\erdnt
2014-11-16 20:28 - 2014-11-16 20:28 - 00000632 __RSH () C:\Users\Installer\ntuser.pol
2014-11-16 20:09 - 2014-11-30 21:23 - 00000000 ____D () C:\FRST
2014-11-16 19:17 - 2014-11-16 19:34 - 00000000 ____D () C:\NPE
2014-11-16 19:09 - 2014-11-16 19:09 - 00000000 ____D () C:\ProgramData\Norton
2014-11-16 16:27 - 2014-11-30 13:29 - 00001120 _____ () C:\Windows\setupact.log
2014-11-16 16:27 - 2014-11-16 16:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-16 16:26 - 2014-11-16 22:09 - 00002246 _____ () C:\Windows\PFRO.log
2014-11-15 11:31 - 2014-11-14 19:16 - 14439696 _____ (Malwarebytes Corp.) C:\Users\online\Desktop\mbar-1.08.1.1001.exe
2014-11-15 02:13 - 2014-11-15 02:13 - 00011000 _____ () C:\Users\Installer\Documents\cc_20141115_021354.reg
2014-11-15 02:06 - 2014-11-15 02:06 - 00189830 _____ () C:\Users\Installer\Documents\cc_20141115_020612.reg
2014-11-15 01:50 - 2014-11-15 02:12 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-15 01:50 - 2014-11-15 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-15 01:50 - 2014-11-15 02:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-14 20:00 - 2014-11-30 13:36 - 00000392 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Installer.job
2014-11-14 19:54 - 2014-11-30 18:02 - 00000386 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Installer.job
2014-11-14 19:53 - 2014-11-29 22:13 - 00000382 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Installer.job
2014-11-14 19:32 - 2014-11-26 23:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-13 15:51 - 2014-11-13 15:51 - 00000000 __SHD () C:\Users\online\AppData\Local\EmieBrowserModeList
2014-11-12 19:49 - 2014-11-12 19:49 - 00008508 _____ () C:\Users\online\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-12 19:49 - 2014-11-12 19:49 - 00004194 _____ () C:\Users\online\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-12 15:38 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 15:38 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 15:38 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 15:38 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 15:38 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 15:38 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 15:38 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 15:38 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 15:38 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 15:38 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 15:38 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 15:38 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 15:38 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 15:38 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 15:38 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 15:38 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 15:38 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 15:38 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 15:38 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 15:38 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 15:38 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 15:38 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 15:38 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 15:38 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 15:38 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 15:38 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 15:38 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 15:38 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 15:38 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 15:38 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 15:38 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 15:38 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 15:38 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 15:38 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 15:38 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 15:37 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 15:37 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 15:37 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 15:37 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 15:37 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 15:37 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 15:37 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 15:37 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 15:37 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 15:37 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 15:37 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 15:37 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 15:37 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 15:37 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 15:37 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 15:37 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 15:37 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 15:37 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 15:37 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 15:37 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 15:37 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:55 - 2014-11-12 13:55 - 00008508 _____ () C:\Users\online\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-12 13:55 - 2014-11-12 13:55 - 00004194 _____ () C:\Users\online\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-12 13:44 - 2014-11-12 13:44 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-12 13:19 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:19 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:19 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:19 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:19 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:19 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 13:19 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 13:19 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 13:18 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:18 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:18 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:18 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:18 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:18 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 13:18 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 13:18 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 13:18 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 13:13 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:13 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:13 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 13:13 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 13:13 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:13 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 13:09 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:09 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:09 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 13:09 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:09 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 13:08 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:08 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 13:08 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:08 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 13:08 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:08 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:08 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:08 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:08 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:08 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 13:08 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 13:08 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-04 09:34 - 2014-11-04 09:34 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-04 09:34 - 2014-11-04 09:34 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-04 09:34 - 2014-11-04 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-04 09:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 21:25 - 2012-07-20 11:46 - 01394343 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 21:22 - 2012-07-20 13:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 13:37 - 2009-07-13 20:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:37 - 2009-07-13 20:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:36 - 2012-07-20 13:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 13:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 00:24 - 2012-07-20 13:48 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-27 00:24 - 2009-07-13 21:13 - 00792654 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 19:10 - 2014-09-21 22:01 - 00000000 ____D () C:\Users\online\AppData\Roaming\SketchUp
2014-11-25 19:10 - 2013-08-31 10:52 - 00000000 ____D () C:\Users\online\AppData\Roaming\.minecraft
2014-11-25 19:10 - 2013-06-14 23:51 - 00000000 ____D () C:\Users\online\AppData\Roaming\Nero
2014-11-25 19:10 - 2013-04-12 15:58 - 00000000 ____D () C:\Users\online\AppData\Roaming\Intelli-studio
2014-11-25 19:10 - 2013-03-12 22:23 - 00000000 ____D () C:\Users\online\AppData\Roaming\RealNetworks
2014-11-25 19:10 - 2013-03-12 21:46 - 00000000 ____D () C:\Users\online\AppData\Roaming\Real
2014-11-25 19:10 - 2012-09-09 00:18 - 00000000 ____D () C:\Users\online\AppData\Roaming\Malwarebytes
2014-11-25 19:10 - 2012-08-21 20:07 - 00000000 ____D () C:\Users\online\AppData\Local\Apple Computer
2014-11-25 19:10 - 2012-08-04 21:14 - 00000000 ____D () C:\Users\online\AppData\Local\Activision
2014-11-25 19:10 - 2012-08-04 21:13 - 00000000 ____D () C:\Users\online\AppData\Local\Microsoft Games
2014-11-25 19:10 - 2012-07-27 08:13 - 00000000 ____D () C:\Users\online\AppData\Roaming\Roxio
2014-11-25 19:10 - 2012-07-20 15:11 - 00000000 ____D () C:\Users\online\AppData\Local\Cyberlink
2014-11-25 19:10 - 2012-07-20 13:50 - 00000000 ____D () C:\Users\online\AppData\Roaming\Adobe
2014-11-25 19:10 - 2012-07-20 13:47 - 00000000 ____D () C:\Users\online\AppData\Local\Google
2014-11-25 19:10 - 2012-07-20 12:09 - 00000000 ____D () C:\Users\online\AppData\Local\AMD
2014-11-24 15:50 - 2012-08-04 11:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 22:10 - 2012-07-20 11:52 - 00000000 ____D () C:\Users\online
2014-11-16 21:51 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 21:22 - 2009-07-13 21:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-16 20:28 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-15 12:39 - 2014-08-20 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-15 12:39 - 2014-06-09 21:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-15 02:38 - 2013-12-15 14:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-15 02:27 - 2013-06-23 21:49 - 00000000 ____D () C:\Users\online\Documents\Garmin
2014-11-15 02:27 - 2013-04-10 22:36 - 00000000 ____D () C:\Users\online\Desktop\Worship Teachings
2014-11-15 02:27 - 2012-08-20 16:07 - 00000000 ____D () C:\Users\online\Documents\Financial
2014-11-15 02:25 - 2014-08-19 21:32 - 00000000 ____D () C:\Users\online\Desktop\Heaven in Business 2014
2014-11-15 02:25 - 2014-08-19 11:15 - 00000000 ____D () C:\Users\online\Desktop\ISABELLA
2014-11-15 02:25 - 2014-01-03 14:06 - 00000000 ____D () C:\Users\online\Desktop\Pour It Out Images
2014-11-15 02:25 - 2013-12-22 17:31 - 00000000 ____D () C:\Users\online\Desktop\Walmart Photos
2014-11-15 02:25 - 2013-12-16 14:46 - 00000000 ____D () C:\Users\online\Desktop\Costco photos
2014-11-15 02:25 - 2013-12-15 21:41 - 00000000 ____D () C:\Users\online\Desktop\A Christmas Card 2013
2014-11-15 02:25 - 2013-12-15 14:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-15 02:25 - 2013-12-07 16:32 - 00000000 ____D () C:\Users\online\Desktop\mugs 2013
2014-11-15 02:25 - 2013-12-01 23:33 - 00000000 ____D () C:\ProgramData\Individual Software
2014-11-15 02:25 - 2013-09-03 09:08 - 00000000 ____D () C:\Users\online\Desktop\Scan
2014-11-15 02:25 - 2013-06-23 21:43 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-15 02:25 - 2013-05-16 18:06 - 00000000 ____D () C:\Users\online\Desktop\LEADER ADVANCE 2013
2014-11-15 02:25 - 2013-03-12 21:43 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-11-15 02:25 - 2013-03-12 21:35 - 00000000 ____D () C:\ProgramData\Real
2014-11-15 02:25 - 2012-12-21 22:31 - 00000000 ____D () C:\Users\online\Desktop\TKO1
2014-11-15 02:25 - 2012-10-14 21:45 - 00000000 ____D () C:\Users\online\Desktop\Referral Resources
2014-11-15 02:25 - 2012-10-12 20:45 - 00000000 ____D () C:\ProgramData\Canon_Inc_IC
2014-11-15 02:25 - 2012-08-20 12:11 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-15 02:25 - 2010-01-05 14:33 - 00000000 ____D () C:\Users\online\Desktop\Mortgage Mod
2014-11-15 02:25 - 2009-12-18 07:20 - 00000000 ____D () C:\Users\online\Desktop\Searle
2014-11-15 02:08 - 2013-03-18 11:46 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-11-15 02:08 - 2012-07-20 16:34 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-15 02:08 - 2012-07-20 16:34 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-15 02:04 - 2012-09-24 13:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-15 02:04 - 2012-07-20 12:42 - 00000000 ____D () C:\Windows\Panther
2014-11-14 23:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 23:02 - 2014-01-28 15:48 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-14 23:02 - 2014-01-28 15:48 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-14 20:46 - 2012-08-04 11:20 - 00000000 ____D () C:\Windows\Msagent
2014-11-14 16:03 - 2014-08-26 20:04 - 00000214 _____ () C:\Windows\wininit.ini
2014-11-13 11:06 - 2009-07-13 20:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 23:59 - 2013-10-30 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 23:53 - 2012-07-20 13:04 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 13:55 - 2012-07-20 11:52 - 00000000 ____D () C:\Users\online\AppData\Local\VirtualStore
2014-11-04 14:30 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-03 21:03 - 2012-07-20 16:34 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-11-03 21:03 - 2012-07-20 16:34 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-11-03 21:03 - 2012-07-20 16:34 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================
 
 
StartupList report, 11/27/2014, 12:07:44 AM
StartupList version: 1.52.2
Started from : C:\Users\online\Downloads\HiJackThis (3).EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v11.0 (11.00.9600.17420)
* Using default options
==================================================
 
Running processes:
 
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\online\Downloads\HiJackThis (3).exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Dolby Home Theater v4 = "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TkBellExe = "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
(Default) = 
SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Rootkit (cleanup) = "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HP Officejet Pro 8600 (NET) = "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN29SBS13P05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
Uploader = C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*
 
--------------------------------------------------
 
Shell & screensaver key from C:\Windows\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
ReclaimerUpdateFiles_Installer.job
ReclaimerUpdateXML_Installer.job
RNUpgradeHelperLogonPrompt_Installer.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[Dldrv2 Control]
InProcServer32 = C:\Windows\DOWNLO~1\Dldrv.ocx
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
End of report, 6,771 bytes
Report generated in 0.063 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:06 AM, on 11/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\online\Downloads\HiJackThis (3).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibethel.tv/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe" "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN29SBS13P05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10605 bytes
 
 

 


    Advertisements

Register to Remove

#2 DSROTTI

DSROTTI

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 02 December 2014 - 01:36 AM

Please let me know if you need me to rerun as an admin - thanks


#3 DSROTTI

DSROTTI

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 04 December 2014 - 11:20 PM

RUN AS ADMIN

 

StartupList report, 12/4/2014, 10:17:40 PM
StartupList version: 1.52.2
Started from : C:\Users\Installer\Desktop\HijackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v11.0 (11.00.9600.17420)
* Using default options
==================================================
 
Running processes:
 
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Installer\Desktop\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Dolby Home Theater v4 = "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TkBellExe = "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
(Default) = 
SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
GarminExpressTrayApp = "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*
 
--------------------------------------------------
 
Shell & screensaver key from C:\Windows\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\Program Files (x86)\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
ReclaimerUpdateFiles_Installer.job
ReclaimerUpdateXML_Installer.job
RNUpgradeHelperLogonPrompt_Installer.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[Dldrv2 Control]
InProcServer32 = C:\Windows\DOWNLO~1\Dldrv.ocx
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 
--------------------------------------------------
 
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
 
Windows NT checkdisk command:
BootExecute = autocheck autochk *
 
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.old||C:\ProgramData\Malwarebytes' Anti-Malware (portable)||C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.old
 
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
End of report, 6,517 bytes
Report generated in 0.063 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:15:26 PM, on 12/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Installer\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9955 bytes
 

Edited by DSROTTI, 05 December 2014 - 12:32 AM.

#4 DSROTTI

DSROTTI

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 20 December 2014 - 12:05 AM

15 Days later still no response. Is this site even active?


Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·