LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: 4on4off on July 17, 2013, 04:03:12 PM

Title: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 17, 2013, 04:03:12 PM
Hello,

My niece got a new laptop running Windows 8. Doing her usual teenage-girl Facebook stuff and whatnot, she got an update notice for Adobe, which she clicked OK on. I don't know if that was legitimate or not, but soon after she was getting pop-ups relating to dating Asian women and suggestions to clean Windows 8 by running some scan.

I got my hands on it, and when I first got on the net I witnessed the pop-up ads for the Asian women and also the Adobe update, which didn't look like any I had seen before. I have not used Windows 8 much, but I would think the updates should be at least similar in appearance to those on other operating systems.

I fired up in safe mode and ran the following (I also disabled just about everything at startup via the Task Manager when doing this):

TDSSKiller, which found nothing.
MBAM, which found and removed 35 items (I still have the log).
MBAR, which found and removed 5 items (I still have the log).
AdwCleaner.
JRT, which among other things found this registry entry: (Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?)

Also, while working my way to making this post, an IE window opened up stating the following:
 "ATTENTION! It is recommended that you download FLV MPlayer to continue."

The title at the top of the browser says: bizcoaching dot info

I think that is all.

Here is the security check log:

 Results of screen317's Security Check version 0.99.69 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2013   
 Adobe Flash Player    11.8.800.94 
 Google Chrome 28.0.1500.71 
 Google Chrome 28.0.1500.72 
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Here are the dds logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Ashley at 9:38:23 on 2013-07-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2791 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat
BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: LyricsSing: {F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} - C:\Program Files (x86)\LyricSing\122.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\Ashley\AppData\Local\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Ashley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}\F46666963656534376 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
x64-TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-1 98208]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-7-1 32808]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-1 165760]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-7-13 144368]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-1 364416]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\Drivers\NISx64\1404000.028\ccsetx64.sys [2013-7-13 169048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-12 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSviA64.sys [2013-7-16 513184]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]
R3 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1404000.028\symds64.sys [2013-7-13 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1404000.028\symefa64.sys [2013-7-13 1139800]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\ironx64.sys [2013-7-13 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symnets.sys [2013-7-13 433752]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1404000.028\symelam.sys [2013-7-13 23448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-1 266896]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]
.
=============== Created Last 30 ================
.
2013-07-17 16:25:02   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07:58   --------   d-----w-   C:\Windows\ERUNT
2013-07-17 06:51:07   173   ----a-w-   C:\Windows\DeleteOnReboot.bat
2013-07-17 05:23:26   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40:40   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Malwarebytes
2013-07-17 04:40:31   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-17 04:40:30   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-07-17 04:40:30   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40:11   --------   d-----w-   C:\Users\Ashley\AppData\Local\Programs
2013-07-17 04:07:50   80216   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07:50   694616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-17 03:39:44   --------   d-----w-   C:\Windows\pss
2013-07-15 18:31:19   --------   d-----w-   C:\Program Files (x86)\LyricSing
2013-07-15 02:40:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\CyberLink
2013-07-14 18:51:08   34656   ----a-w-   C:\Windows\System32\TURegOpt.exe
2013-07-14 18:51:03   25952   ----a-w-   C:\Windows\System32\authuitu.dll
2013-07-14 18:51:03   21344   ----a-w-   C:\Windows\SysWow64\authuitu.dll
2013-07-14 18:50:33   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\TuneUp Software
2013-07-14 18:50:25   --------   d-----w-   C:\Program Files (x86)\TuneUp Utilities 2013
2013-07-14 18:50:22   --------   d-----w-   C:\ProgramData\TuneUp Software
2013-07-14 18:50:14   --------   d-sh--w-   C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49:28   --------   d-----w-   C:\Program Files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49:01   --------   d-----w-   C:\Program Files (x86)\Tiny Media Player
2013-07-14 18:44:32   --------   d-----w-   C:\Users\Ashley\AppData\Local\Pokki
2013-07-14 18:42:17   --------   d-----w-   C:\Users\Ashley\AppData\Local\Updater21058
2013-07-14 18:41:08   --------   d-----w-   C:\Users\Ashley\AppData\Local\CRE
2013-07-13 19:18:39   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-13 19:15:05   --------   d-----w-   C:\Program Files\Paint.NET
2013-07-13 19:14:32   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2013-07-13 19:14:15   --------   d-----w-   C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2013-07-13 19:13:51   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-07-13 19:13:41   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar
2013-07-13 19:13:35   --------   d-----w-   C:\Program Files (x86)\AVG SafeGuard toolbar
2013-07-13 19:13:34   --------   d-----w-   C:\Users\Ashley\AppData\Local\Paint.NET
2013-07-13 19:12:43   --------   d--h--w-   C:\ProgramData\Common Files
2013-07-13 17:29:32   433752   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-07-13 17:29:32   23448   ----a-r-   C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-07-13 17:29:31   796760   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-07-13 17:29:31   493656   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-07-13 17:29:31   36952   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-07-13 17:29:31   224416   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-07-13 17:29:31   169048   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-07-13 17:29:31   1139800   ----a-w-   C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-07-13 17:29:05   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1404000.028
2013-07-13 03:16:07   144384   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-07-13 03:16:07   135680   ----a-w-   C:\Windows\System32\appserverai.dll
2013-07-13 03:16:07   126976   ----a-w-   C:\Windows\System32\RDWebAI.dll
2013-07-13 03:16:07   122880   ----a-w-   C:\Windows\System32\VmHostAI.dll
2013-07-13 03:16:06   148480   ----a-w-   C:\Windows\System32\poqexec.exe
2013-07-13 03:16:06   132608   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2013-07-13 03:08:59   2361344   ----a-w-   C:\Windows\System32\msxml6.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2013-07-13 03:08:58   1836032   ----a-w-   C:\Windows\System32\msxml3.dll
2013-07-13 03:08:58   1802240   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2013-07-13 03:08:58   1438720   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2013-07-12 19:55:19   --------   d-----w-   C:\Users\Ashley\AppData\Local\Adobe
2013-07-12 19:47:04   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\hpqlog
2013-07-12 17:18:32   50784   ----a-w-   C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18:30   17536   ----a-w-   C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02:49   --------   d-----r-   C:\Program Files (x86)\Skype
2013-07-12 07:00:53   --------   d-----w-   C:\Users\Ashley\AppData\Local\DefineExt
2013-07-12 06:58:54   --------   d-----w-   C:\Users\Ashley\AppData\Local\Real
2013-07-12 06:58:47   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\RealNetworks
2013-07-12 06:58:21   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2013-07-12 06:58:19   --------   d-----w-   C:\ProgramData\RealNetworks
2013-07-12 06:58:09   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2013-07-12 06:57:24   --------   d-----w-   C:\Users\Ashley\AppData\Local\Google
2013-07-12 04:02:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2013-07-12 04:02:14   --------   d-----w-   C:\Users\Ashley\AppData\Local\Hewlett-Packard
2013-07-12 02:54:40   --------   d-----w-   C:\Users\Ashley\AppData\Local\CrashDumps
2013-07-12 02:54:21   --------   d-----w-   C:\Users\Ashley\AppData\Local\Diagnostics
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Searches
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Contacts
2013-07-12 02:43:14   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Synaptics
2013-07-12 02:43:07   --------   d-----w-   C:\Users\Ashley\AppData\Local\Power2Go8
2013-07-12 02:42:46   --------   d-----w-   C:\Users\Ashley\AppData\Local\VirtualStore
2013-07-12 02:42:30   --------   d-----w-   C:\Users\Ashley\AppData\Local\Packages
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Videos
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Saved Games
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Pictures
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Music
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Links
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Downloads
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Documents
.
==================== Find3M  ====================
.
2013-07-13 17:31:11   177312   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57:57   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2013-07-12 06:57:57   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-05-17 02:12:26   819440   ----a-w-   C:\Windows\System32\SynCOM.dll
2013-05-17 02:12:26   351984   ----a-w-   C:\Windows\SysWow64\SynCom.dll
2013-05-17 02:12:22   524016   ----a-w-   C:\Windows\System32\drivers\SynTP.sys
2013-05-17 02:12:22   192240   ----a-w-   C:\Windows\System32\SynTPCo19.dll
2013-05-17 02:12:22   151280   ----a-w-   C:\Windows\SysWow64\SynTPCom.dll
2013-05-17 02:12:20   264432   ----a-w-   C:\Windows\System32\SynTPAPI.dll
.
============= FINISH:  9:39:06.74 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:40:45 PM
System Uptime: 7/17/2013 9:32:13 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1854
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 398.843 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.738 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 7/12/2013 12:02:16 AM - Installed Skype™ 6.3
RP5: 7/13/2013 12:13:41 PM - Paint.NET v3.5.10
RP6: 7/14/2013 12:19:06 PM - Removed Smileys We Love Toolbar for IE
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
AVG SafeGuard toolbar
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
GetSavin
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
LyricsSing
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
MyPC Backup
Mystery P.I. - Curious Case of Counterfeit Cove
Norton Internet Security
Paint.NET v3.5.10
Peggle Nights
Penguins!
Pokki
Polar Bowler
Polar Golfer
QuickShare
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
RegCure Pro
Roads of Rome 3
Savings Explorer
Skype™ 6.3
Smileys We Love Toolbar for IE
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Tiny Media Player v1.0
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 9:32:56 AM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


Sorry for the long windedness.

4
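As an added example (not from the original post, and not part of DDS or any other tool named in this thread), here is a small Python triage pass over the kind of "Pseudo HJT Report" lines DDS printed above. It pulls out the BHO, toolbar and Run entries and flags the structural oddities a helper would look at first: a CLSID that is still registered but points at no file (a leftover from an uninstalled add-on), an add-on that loads from the user-writable AppData tree, a BHO backed by a file that is not a .dll, and an autostart whose real payload lives under the user profile. The sample lines are constructed for the example by copying a few entries from the posted log; the function names `triage` and `_loaded_file` are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a handful of entries copied from the DDS
# "Pseudo HJT Report" in the post above, including two ordinary vendor
# entries (Norton, RealPlayer) for contrast.
SAMPLE_REPORT = r"""
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat
BHO: LyricsSing: {F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} - C:\Program Files (x86)\LyricSing\122.dll
TB: SmileysWeLove: {cf0f43ab-9c23-4d7b-8040-201b82844854} -
uRun: [Pokki] C:\Windows\System32\rundll32.exe "C:\Users\Ashley\AppData\Local\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"""

# "BHO: <name>: {<CLSID>} - <path>"  (path may be empty); x64- prefix optional
ADDON_RE = re.compile(
    r"^(?P<arch>x64-)?(?P<kind>BHO|TB): (?P<name>.+?): "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} -\s*(?P<path>.*)$"
)
# "uRun: [<name>] <command>"  (u = HKCU, m = HKLM, x64- = 64-bit hive view)
RUN_RE = re.compile(r"^(?P<scope>u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Anything under a user profile's AppData is writable without elevation.
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# Tokenise a command line into quoted or bare tokens.
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')


@dataclass
class Finding:
    kind: str
    name: str
    reasons: List[str] = field(default_factory=list)


def _loaded_file(cmd: str) -> str:
    """Return the file a Run command really loads.

    For rundll32.exe the payload is the DLL given as the first argument
    (everything before the ',EntryPoint'), otherwise it is the executable.
    """
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]
    if not tokens:
        return ""
    if tokens[0].lower().endswith("rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0]


def triage(report: str) -> List[Finding]:
    """Flag BHO/TB/Run entries that need a second look; everything else is skipped."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ADDON_RE.match(line)
        if m:
            path = m.group("path").strip()
            f = Finding(m.group("kind"), m.group("name"))
            if not path:
                f.reasons.append("CLSID registered but no file path (orphaned registration)")
            else:
                if USER_PROFILE_RE.search(path):
                    f.reasons.append("loads from user-writable profile directory")
                if m.group("kind") == "BHO" and not path.lower().endswith(".dll"):
                    f.reasons.append("BHO backed by a non-DLL file")
            if f.reasons:
                findings.append(f)
            continue
        m = RUN_RE.match(line)
        if m:
            target = _loaded_file(m.group("cmd"))
            f = Finding(m.group("scope") + "Run", m.group("name"))
            if USER_PROFILE_RE.search(target):
                f.reasons.append("autostart payload lives in user-writable profile directory")
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:5} {f.name:<15} {'; '.join(f.reasons)}")
```

Two things worth noting about the output. The empty-path entries for GetSavin and SmileysWeLove are consistent with the restore point "Removed Smileys We Love Toolbar for IE" in the same log: the add-on was uninstalled but its COM registration was left behind, which is why DDS still lists the CLSID. And the LyricsSing entry is not flagged at all, because `122.dll` sits under Program Files and has the expected extension; a structural pass like this narrows the list, it does not clear anything, and the helper still has to judge each remaining entry by name and origin.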
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 17, 2013, 04:31:47 PM
Hi, 4on4off.  It has been a while since your family members have run into problems.  Fortunately, ComboFix has been updated to work with Windows 8.

Please follow these instructions carefully.

Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by right-clicking on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).

Now, please run ComboFix:
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 17, 2013, 05:02:41 PM
Hi Corrine,

"It has been a while since your family members have run into problems" :hysterical:

Ha! That's a good one! While they have had a good run with severe issues, I have had to deal with several things that I am able to handle. It seems that no matter how much I try to beat certain habits into their heads to stop this stuff from happening, it does no good.

This one looks a bit beyond my abilities, as I felt it required tools I am not experienced with yet. That is why I was considering the university. I truly do enjoy working on these things, and it is so frustrating when I can't get it done.

Nice to hear from you again and thank you for the help.

Here is the combofix log:

ComboFix 13-07-16.01 - Ashley 07/17/2013  10:42:39.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2813 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 17:48 . 2013-07-17 17:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:51 . 2012-11-29 23:31   34656   ----a-w-   c:\windows\system32\TURegOpt.exe
2013-07-14 18:51 . 2012-11-29 23:31   25952   ----a-w-   c:\windows\system32\authuitu.dll
2013-07-14 18:51 . 2012-11-29 23:31   21344   ----a-w-   c:\windows\SysWow64\authuitu.dll
2013-07-14 18:50 . 2013-07-14 18:51   --------   d-----w-   c:\program files (x86)\TuneUp Utilities 2013
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-13 19:21   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
2013-06-26 23:07   830312   ----a-w-   c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B3522C04-B9DB-4C57-AA22-929092423BDD} - c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll
BHO-{e4ef8a64-0a30-48f5-b3fe-5fda978da775} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
Toolbar-{cf0f43ab-9c23-4d7b-8040-201b82844854} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll
BHO-{e4ef8a64-0a30-48f5-b3fe-5fda978da775} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll
Toolbar-{cf0f43ab-9c23-4d7b-8040-201b82844854} - c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader64.dll
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-17  10:51:11
ComboFix-quarantined-files.txt  2013-07-17 17:51
.
Pre-Run: 427,843,706,880 bytes free
Post-Run: 427,884,322,816 bytes free
.
- - End Of File - - 6C4FBADAE5D2319CB6FD80B6B5C84B69
D41D8CD98F00B204E9800998ECF8427E


Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 17, 2013, 06:56:32 PM
Hi, 4on4off.

Personally, I do not trust "PC optimizing" programs.  This includes TuneUp Utilities 2013 that your niece has installed.  To start, a new computer does not need "optimizing".  However, more seriously, Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and Windows 8 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or Windows at a later time.

Regarding MyPCBackup, as indicated at WOT (mypcbackup.com (http://www.mywot.com/en/scorecard/mypcbackup.com/event-84510#events)), the site does not have a very good reputation.  It was added to hpHOSTS 16APR2013 by MysteryFCM (who is Steven Burn, a fellow Microsoft Consumer Security MVP who also is a Research Engineer on the Malwarebytes Staff).

I would encourage you to consider uninstalling both MyPCBackup and TuneUp Utilities 2013.

There is a file that was in the DDS log that I'm not seeing in ComboFix nor is it in the orphans removed.  Let's see if it shows up this way.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Code:
FileLook::
C:\Windows\system32\dwm.exe

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 17, 2013, 07:23:37 PM
Thanks Corrine,

Here is the new combofix log:

ComboFix 13-07-16.01 - Ashley 07/17/2013  13:01:37.2.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2169 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 20:06 . 2013-07-17 20:06   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:51 . 2012-11-29 23:31   34656   ----a-w-   c:\windows\system32\TURegOpt.exe
2013-07-14 18:51 . 2012-11-29 23:31   25952   ----a-w-   c:\windows\system32\authuitu.dll
2013-07-14 18:51 . 2012-11-29 23:31   21344   ----a-w-   c:\windows\SysWow64\authuitu.dll
2013-07-14 18:50 . 2013-07-14 18:51   --------   d-----w-   c:\program files (x86)\TuneUp Utilities 2013
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-13 19:21   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\dwm.exe ---
Company: Microsoft Corporation
File Description: Desktop Window Manager
File Version: 6.2.9200.16384 (win8_rtm.120725-1247)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: dwm.exe.mui
File size: 117760
Created time: 2012-07-25 23:43
Modified time: 2012-07-26 03:08
MD5: EC29CA52113EF803339B1680593390F0
SHA1: 8C8A73E2F976AA7ED7A7F4E8218FE5DB91AC63F2
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
2013-06-26 23:07   830312   ----a-w-   c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cf0f43ab-9c23-4d7b-8040-201b82844854}"= "c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{cf0f43ab-9c23-4d7b-8040-201b82844854}]
[HKEY_CLASSES_ROOT\SmileysWeLoveToolbar.SWLIEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-17  13:08:34
ComboFix-quarantined-files.txt  2013-07-17 20:08
ComboFix2.txt  2013-07-17 17:51
.
Pre-Run: 425,058,357,248 bytes free
Post-Run: 424,736,288,768 bytes free
.
- - End Of File - - 11834BE5BAC5D7274B0ABFA834E1D731
D41D8CD98F00B204E9800998ECF8427E

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 17, 2013, 08:45:58 PM
Thank you.  The file checked out.  :)

Did your niece intentionally install the Smileys We Love Toolbar for IE?  If it came bundled with other software, please uninstall it and let me know so I can include it.

Also, if you are planning on uninstalling TuneUp Utilities 2013 and/or MyPCBackup, please do that now and let me know.

If none of the above files are being uninstalled, I'll just have a small script for you to run.
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 17, 2013, 10:55:51 PM
HI Corrine,

Sorry for the delay, I had to take a short nap before heading to work tonight. I uninstalled the smiley toolbar, mypcbackup and tuneup utilities.....

Also, when I clicked reply to make this post another ie window popped up again with the bizcoach dot info address at the top...there is always nothing but a small rectangular box saying the following:

"ATTENTION! It is recommended that you download FLV MPlayer to continue."

I am not certain if this is something she has clicked on prior to her issues as well.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 18, 2013, 12:20:45 AM
That's fine, 4on4off.  I'm here & gone throughout the day -- preparing meals, running errands, taking the dogs out, at other forums...

I don't know if the box for the FLV Player is from Lyric Sing or not, but I did not find any other indications of the specific .dll in Bing or Google and the CLSID has been removed as a BHO; let's see if removing that will solve the problem.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Code:
Folder::
c:\users\Ashley\AppData\Local\getsavin
c:\program files (x86)\LyricSing\122.dll

File::
c:\users\Ashley\AppData\Local\DefineExt\temp.dat

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cf0f43ab-9c23-4d7b-8040-201b82844854}"=-
[-HKEY_CLASSES_ROOT\clsid\{cf0f43ab-9c23-4d7b-8040-201b82844854}]
[-HKEY_CLASSES_ROOT\SmileysWeLoveToolbar.SWLIEToolbar]


Have a good night at work.
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 18, 2013, 01:55:35 PM
Hi Corrine,

Just got home from work. After running combofix I tried using IE but could not navigate anywhere so I am using chrome to do this. I noticed she has google for her home page and there is always a notice at the bottom for downloading either an update for a player or a missing plugin.... I reset ie to default settings and will restart the computer for it to take effect after posting this.

Here is the combofix log:

ComboFix 13-07-18.02 - Ashley 07/18/2013   7:31.3.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2697 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Ashley\AppData\Local\DefineExt\temp.dat"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashley\AppData\Local\DefineExt\temp.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-18 14:37 . 2013-07-18 14:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-17 04:07 . 2012-07-19 02:00   80216   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 04:07 . 2012-07-19 02:00   694616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-15 18:31 . 2013-07-15 18:31   --------   d-----w-   c:\program files (x86)\LyricSing
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-----w-   c:\programdata\TuneUp Software
2013-07-14 18:50 . 2013-07-14 18:50   --------   d-sh--w-   c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49 . 2013-07-14 19:16   --------   d-----w-   c:\program files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-13 19:18 . 2013-07-13 19:18   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:14 . 2013-07-17 23:48   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:13 . 2013-07-13 19:13   --------   d-----w-   c:\program files (x86)\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 17:29 . 2013-07-13 19:20   --------   d-----w-   c:\windows\system32\drivers\NISx64\1404000.028
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 17:31 . 2012-09-02 04:43   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1404000.028\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SymELAM.sys
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130716.001\IDSvia64.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\LyricsSing Update.job
- c:\program files (x86)\LyricSing\lSing.exe [2013-07-15 00:10]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\Ashley\AppData\Local\DefineExt\temp.dat
AddRemove-GetSavin - c:\users\Ashley\AppData\Local\getsavin\uninst.exe
AddRemove-Savings Explorer - c:\program files (x86)\Savings Explorer\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-18  07:39:46
ComboFix-quarantined-files.txt  2013-07-18 14:39
ComboFix2.txt  2013-07-17 20:08
ComboFix3.txt  2013-07-17 17:51
.
Pre-Run: 422,632,075,264 bytes free
Post-Run: 422,262,693,888 bytes free
.
- - End Of File - - 93B01E661E7AE75C8A9874179FCAC86F
D41D8CD98F00B204E9800998ECF8427E


Thank you.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 18, 2013, 02:52:16 PM
After resetting ie to defaults and restarting the laptop I am able to navigate with ie now. Upon the restart the screen was blank and I got a message saying that lyric sing was not responding, I restarted and it came up okay.

I still get the ie window that pops up with the biz coaching . info redirect wanting me to install the player. I didn't want to paste the address but I found a link to the same issue over at bleeping when doing a search.

http://www.bleepingcomputer.com/forums/t/499939/infected-with-bizcoachinginfo-redirects-and-popups-in-all-browsers/

The biz coaching .info link in the above thread looks to be the same that I am experiencing.

This appears only to be happening in ie10 as I have tried browsing in chrome a little bit and it has not come up.

I might pass out soon since I just got home from work but I will be up in a few hours if that happens.

4

Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 18, 2013, 04:03:39 PM
I'll be out for a while as I have errands and an appointment.  Sleep well! 

Please do the following to remove Bizcoaching from IE:

-- Launch Internet Explorer and click on Tools (upper right).
-- Select the option Manage add-ons from the drop-down list.
-- Click on the option Toolbars and Extensions on left side of the window.
-- Click Bizcoaching.info to highlight and then click Remove.  (Do the same for any other items you wish to remove.)

What I don't like is the continued re-appearance of BHOs that show as having been removed.  Let's see if an updated MBAM scan finds something else.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
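The re-appearance Corrine points out above (the BHO keys that the CFScript posted earlier in the thread asked ComboFix to delete, yet which are listed again under "Reg Loading Points" in the log from the next run) is the kind of thing that is easy to miss by eye in a long log. The following is an added example, not a ComboFix, Malwarebytes or LandzDown tool: it parses the BHO key lines of a CFScript and of a ComboFix log and reports which targeted CLSIDs are still registered. The script text and log excerpt embedded in it are constructed from the entries posted in this thread, trimmed to the relevant lines; the function names are the example's own.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log produced after it
ran, and report Browser Helper Objects (BHOs) that were marked for deletion
but are still registered.

Added example for this thread, not a ComboFix or LandzDown tool.  The
CFScript and the log excerpt below are constructed from entries posted in
the thread, trimmed to the BHO key lines of the 'Reg Loading Points' section.
"""
import re

# CFScript Registry:: lines as posted in the thread.  A leading '-' on a key
# asks ComboFix to delete that key.
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cf0f43ab-9c23-4d7b-8040-201b82844854}"=-
"""

# Constructed excerpt of the 'Reg Loading Points' section from the log posted
# after the script ran.  The '.' lines are ComboFix's own separators.
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}]
2013-07-15 00:10   185856   ----a-w-   c:\program files (x86)\LyricSing\122.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
"""

# A BHO registration key as ComboFix prints it; group 'minus' is '-' in a
# CFScript deletion line and empty in a log line.
BHO_KEY = re.compile(
    r"^\[(?P<minus>-?)HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\~\\"
    r"Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]\s*$"
)
# The payload line under a key: an optional date/size/attribute prefix, the
# DLL path, and an optional trailing ComboFix marker such as [BU], which is
# kept verbatim rather than interpreted.
PAYLOAD = re.compile(r"(?P<path>[A-Za-z]:\\[^\[]*?)\s*(?P<marker>\[BU\])?\s*$")


def parse_bhos(log_text):
    """Map lowercase CLSID -> {'path': ..., 'marker': ...} for every BHO key
    listed in a ComboFix log's 'Reg Loading Points' section."""
    bhos = {}
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = BHO_KEY.match(line.strip())
        if not m or m.group("minus"):
            continue
        # The payload is the next line that is neither blank nor a '.' separator.
        payload = next((l.strip() for l in lines[i + 1:] if l.strip() and l.strip() != "."), "")
        pm = PAYLOAD.search(payload)
        bhos[m.group("clsid").lower()] = {
            "path": pm.group("path").strip() if pm else payload,
            "marker": (pm.group("marker") or "") if pm else "",
        }
    return bhos


def parse_cfscript_removals(script_text):
    """Lowercase CLSIDs of the BHO keys a CFScript's Registry:: section deletes."""
    return {
        m.group("clsid").lower()
        for m in (BHO_KEY.match(l.strip()) for l in script_text.splitlines())
        if m and m.group("minus")
    }


def reappearing_bhos(script_text, after_log):
    """CLSIDs the script targeted that are still registered in the later log."""
    still_present = parse_bhos(after_log)
    return sorted(c for c in parse_cfscript_removals(script_text) if c in still_present)


def report(script_text, after_log):
    """Human-readable lines, one per BHO that survived the script."""
    after = parse_bhos(after_log)
    return [f"{clsid} still registered -> {after[clsid]['path']} {after[clsid]['marker']}".rstrip()
            for clsid in reappearing_bhos(script_text, after_log)]


if __name__ == "__main__":
    for line in report(CFSCRIPT, LOG_AFTER):
        print(line)
```

CLSIDs are compared case-insensitively because the logs and the script mix cases for the same GUID (the Smileys toolbar key is lowercase, the others uppercase). Run against the thread's own entries, the check flags three of the four targeted keys as still registered after the script; the fourth (the Define BHO pointing at temp.dat) is absent from the loading points and appears only under "ORPHANS REMOVED", which matches what Corrine noticed by reading the log.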
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 18, 2013, 06:58:59 PM
Hi Corrine,

I woke up for a few minutes. I could not find the biz coaching add on via the manage add on route in ie. I did see other things like the smiley tool bar and lyric sing and what not but anything I highlighted did not have an option to remove.

I went ahead and uninstalled lyric sing via the control panel along with avg, Norton, getsavin and another item I can't remember the name of associated with ads regarding searching for savings. During this time I have not seen the biz coach pop up as of yet.

Here is the mbam quick scan log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Ashley :: SKAIA [administrator]

7/18/2013 12:51:11 PM
mbam-log-2013-07-18 (12-51-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213892
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Going for another nap.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 18, 2013, 07:07:53 PM
When you get a chance, please post fresh DDS logs.  (I had my eyes dilated so will want to wait until later or tomorrow to look at the logs.)
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 18, 2013, 07:18:30 PM
Ha. I took a peek just before laying back down and see you responded.

Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Ashley at 13:12:31 on 2013-07-18
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.3069 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: GetSavin 5.0: {B3522C04-B9DB-4C57-AA22-929092423BDD} -
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
BHO: SmileysWeLoveToolbar: {e4ef8a64-0a30-48f5-b3fe-5fda978da775} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}\F46666963656534376 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-mPolicies-Explorer: NoDrives = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-1 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-1 98208]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-1 165760]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-1 364416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-1 683664]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-1 43832]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv;
RUnknown SymIRON;SymIRON;
RUnknown SymNetS;SymNetS;
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-1 266896]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-1 41272]
.
=============== Created Last 30 ================
.
2013-07-18 15:22:02   78200   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22:02   693112   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-18 14:45:26   --------   d-sh--w-   C:\$RECYCLE.BIN
2013-07-18 14:39:48   --------   d-----w-   C:\Users\Ashley\AppData\Local\temp
2013-07-17 23:45:29   2367528   ----a-w-   C:\Windows\System32\WSService.dll
2013-07-17 23:45:20   3265256   ----a-w-   C:\Windows\System32\drivers\evbda.sys
2013-07-17 23:45:09   2397184   ----a-w-   C:\Windows\System32\WpcMon.exe
2013-07-17 23:45:04   3847168   ----a-w-   C:\Windows\System32\d2d1.dll
2013-07-17 23:45:02   3964416   ----a-w-   C:\Windows\System32\WinSAT.exe
2013-07-17 23:43:45   301568   ----a-w-   C:\Windows\System32\newdev.dll
2013-07-17 23:43:44   76288   ----a-w-   C:\Windows\System32\newdev.exe
2013-07-17 23:43:44   75264   ----a-w-   C:\Windows\System32\ndadmin.exe
2013-07-17 23:43:44   74240   ----a-w-   C:\Windows\SysWow64\newdev.exe
2013-07-17 23:43:44   73728   ----a-w-   C:\Windows\SysWow64\ndadmin.exe
2013-07-17 23:43:44   275968   ----a-w-   C:\Windows\SysWow64\newdev.dll
2013-07-17 23:43:43   68608   ----a-w-   C:\Windows\System32\wwanprotdim.dll
2013-07-17 23:38:05   --------   d-----w-   C:\Program Files (x86)\VS Revo Group
2013-07-17 19:59:02   929792   ----a-w-   C:\Windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59:02   677888   ----a-w-   C:\Windows\System32\mfnetcore.dll
2013-07-17 19:59:02   673280   ----a-w-   C:\Windows\System32\mfmpeg2srcsnk.dll
2013-07-17 19:59:02   568832   ----a-w-   C:\Windows\SysWow64\mfnetcore.dll
2013-07-17 19:59:02   513024   ----a-w-   C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:59:02   1172992   ----a-w-   C:\Windows\System32\mfnetsrc.dll
2013-07-17 19:58:43   82944   ----a-w-   C:\Windows\SysWow64\dskquota.dll
2013-07-17 19:58:43   109568   ----a-w-   C:\Windows\System32\dskquota.dll
2013-07-17 19:50:25   368640   ----a-w-   C:\Windows\System32\sppwinob.dll
2013-07-17 19:48:49   7168   ----a-w-   C:\Windows\System32\KBDKURD.DLL
2013-07-17 19:47:59   93696   ----a-w-   C:\Windows\SysWow64\WcnApi.dll
2013-07-17 19:46:29   144384   ----a-w-   C:\Windows\System32\tssdisai.dll
2013-07-17 17:40:21   98816   ----a-w-   C:\Windows\sed.exe
2013-07-17 17:40:21   256000   ----a-w-   C:\Windows\PEV.exe
2013-07-17 17:40:21   208896   ----a-w-   C:\Windows\MBR.exe
2013-07-17 16:25:02   252080   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07:58   --------   d-----w-   C:\Windows\ERUNT
2013-07-17 06:51:07   173   ----a-w-   C:\Windows\DeleteOnReboot.bat
2013-07-17 05:23:26   --------   d-----w-   C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40:40   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Malwarebytes
2013-07-17 04:40:31   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-07-17 04:40:30   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-07-17 04:40:30   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40:11   --------   d-----w-   C:\Users\Ashley\AppData\Local\Programs
2013-07-17 03:39:44   --------   d-----w-   C:\Windows\pss
2013-07-15 02:40:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\CyberLink
2013-07-14 18:56:24   16114176   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56:23   15541248   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:50:33   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\TuneUp Software
2013-07-14 18:50:22   --------   d-----w-   C:\ProgramData\TuneUp Software
2013-07-14 18:50:14   --------   d-sh--w-   C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-14 18:49:28   --------   d-----w-   C:\Program Files (x86)\SqueekyChocolate, LLC
2013-07-14 18:49:01   --------   d-----w-   C:\Program Files (x86)\Tiny Media Player
2013-07-14 18:44:32   --------   d-----w-   C:\Users\Ashley\AppData\Local\Pokki
2013-07-14 18:42:17   --------   d-----w-   C:\Users\Ashley\AppData\Local\Updater21058
2013-07-14 18:41:08   --------   d-----w-   C:\Users\Ashley\AppData\Local\CRE
2013-07-14 02:37:13   17888   ----a-w-   C:\Windows\System32\msvcr100_clr0400.dll
2013-07-14 02:37:11   17888   ----a-w-   C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33:43   888320   ----a-w-   C:\Windows\System32\autochk.exe
2013-07-14 02:32:52   1300992   ----a-w-   C:\Windows\System32\gdi32.dll
2013-07-14 02:32:52   1022464   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2013-07-14 02:26:58   94208   ----a-w-   C:\Windows\SysWow64\mssitlb.dll
2013-07-13 19:18:39   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-07-13 19:15:05   --------   d-----w-   C:\Program Files\Paint.NET
2013-07-13 19:14:32   --------   d-----w-   C:\Program Files (x86)\MyPC Backup
2013-07-13 19:14:15   --------   d-----w-   C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
2013-07-13 19:13:51   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-07-13 19:13:41   --------   d-----w-   C:\ProgramData\AVG SafeGuard toolbar
2013-07-13 19:13:34   --------   d-----w-   C:\Users\Ashley\AppData\Local\Paint.NET
2013-07-13 19:12:43   --------   d--h--w-   C:\ProgramData\Common Files
2013-07-13 03:31:19   405504   ----a-w-   C:\Windows\System32\pcasvc.dll
2013-07-13 03:31:19   31232   ----a-w-   C:\Windows\System32\pcadm.dll
2013-07-13 03:31:19   13312   ----a-w-   C:\Windows\System32\pcalua.exe
2013-07-13 03:31:19   11776   ----a-w-   C:\Windows\System32\pcaevts.dll
2013-07-13 03:25:27   945152   ----a-w-   C:\Windows\System32\resetengmig.dll
2013-07-13 03:25:27   443392   ----a-w-   C:\Windows\System32\ReAgent.dll
2013-07-13 03:25:27   375808   ----a-w-   C:\Windows\SysWow64\ReAgent.dll
2013-07-13 03:25:27   2382336   ----a-w-   C:\Windows\SysWow64\esent.dll
2013-07-13 03:25:27   132096   ----a-w-   C:\Windows\System32\sysreset.exe
2013-07-13 03:25:27   1011200   ----a-w-   C:\Windows\System32\reseteng.dll
2013-07-13 03:25:26   2851840   ----a-w-   C:\Windows\System32\esent.dll
2013-07-13 03:16:20   2035200   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16:19   1617920   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-13 03:16:19   1306112   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16:19   1272320   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16:18   1413632   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16:18   1318912   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-13 03:16:18   1029632   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16:17   1455368   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-13 03:16:07   135680   ----a-w-   C:\Windows\System32\appserverai.dll
2013-07-13 03:16:07   126976   ----a-w-   C:\Windows\System32\RDWebAI.dll
2013-07-13 03:16:07   122880   ----a-w-   C:\Windows\System32\VmHostAI.dll
2013-07-13 03:16:06   148480   ----a-w-   C:\Windows\System32\poqexec.exe
2013-07-13 03:16:06   132608   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2013-07-13 03:14:57   595968   ----a-w-   C:\Windows\System32\qedit.dll
2013-07-13 03:13:32   733184   ----a-w-   C:\Windows\System32\win32spl.dll
2013-07-13 03:12:42   1558912   ----a-w-   C:\Program Files\Windows Defender\DbgHelp.dll
2013-07-13 03:08:59   2361344   ----a-w-   C:\Windows\System32\msxml6.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2013-07-13 03:08:58   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2013-07-13 03:08:58   1836032   ----a-w-   C:\Windows\System32\msxml3.dll
2013-07-13 03:08:58   1802240   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2013-07-13 03:08:58   1438720   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2013-07-12 19:55:19   --------   d-----w-   C:\Users\Ashley\AppData\Local\Adobe
2013-07-12 19:47:04   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\hpqlog
2013-07-12 17:18:32   50784   ----a-w-   C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18:30   17536   ----a-w-   C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02:49   --------   d-----r-   C:\Program Files (x86)\Skype
2013-07-12 07:00:53   --------   d-----w-   C:\Users\Ashley\AppData\Local\DefineExt
2013-07-12 06:58:54   --------   d-----w-   C:\Users\Ashley\AppData\Local\Real
2013-07-12 06:58:47   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\RealNetworks
2013-07-12 06:58:21   --------   d-----w-   C:\Program Files (x86)\RealNetworks
2013-07-12 06:58:19   --------   d-----w-   C:\ProgramData\RealNetworks
2013-07-12 06:58:09   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2013-07-12 06:57:24   --------   d-----w-   C:\Users\Ashley\AppData\Local\Google
2013-07-12 04:02:36   --------   d-----w-   C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2013-07-12 04:02:14   --------   d-----w-   C:\Users\Ashley\AppData\Local\Hewlett-Packard
2013-07-12 02:54:40   --------   d-----w-   C:\Users\Ashley\AppData\Local\CrashDumps
2013-07-12 02:54:21   --------   d-----w-   C:\Users\Ashley\AppData\Local\Diagnostics
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Searches
2013-07-12 02:45:04   --------   d-----r-   C:\Users\Ashley\Contacts
2013-07-12 02:43:14   --------   d-----w-   C:\Users\Ashley\AppData\Roaming\Synaptics
2013-07-12 02:43:07   --------   d-----w-   C:\Users\Ashley\AppData\Local\Power2Go8
2013-07-12 02:42:46   --------   d-----w-   C:\Users\Ashley\AppData\Local\VirtualStore
2013-07-12 02:42:30   --------   d-----w-   C:\Users\Ashley\AppData\Local\Packages
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Videos
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Saved Games
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Pictures
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Music
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Links
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Downloads
2013-07-12 02:40:54   --------   d-----r-   C:\Users\Ashley\Documents
.
==================== Find3M  ====================
.
2013-07-12 06:57:57   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2013-07-12 06:57:57   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2013-06-16 22:41:31   997632   ----a-w-   C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-06-11 23:25:16   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-06-01 11:54:16   194816   ----a-w-   C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10   125184   ----a-w-   C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21   2391280   ----a-w-   C:\Windows\explorer.exe
2013-06-01 11:33:13   2233600   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35   337152   ----a-w-   C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35   213248   ----a-w-   C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33   327936   ----a-w-   C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31   6987008   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46   2106176   ----a-w-   C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52   364544   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05   67584   ----a-w-   C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03   496640   ----a-w-   C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19   493056   ----a-w-   C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09   850944   ----a-w-   C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09   1453568   ----a-w-   C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46   1842176   ----a-w-   C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06   680960   ----a-w-   C:\Windows\System32\vds.exe
2013-06-01 09:22:47   80896   ----a-w-   C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33   523264   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33   446976   ----a-w-   C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09   190976   ----a-w-   C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39   729600   ----a-w-   C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39   106496   ----a-w-   C:\Windows\System32\samlib.dll
2013-06-01 09:20:45   583168   ----a-w-   C:\Windows\System32\mscms.dll
2013-06-01 09:20:34   1527808   ----a-w-   C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34   1048576   ----a-w-   C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04   2219520   ----a-w-   C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58   207872   ----a-w-   C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42   785408   ----a-w-   C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57   37632   ----a-w-   C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23   4036096   ----a-w-   C:\Windows\System32\win32k.sys
2013-05-24 22:09:20   1403296   ----a-w-   C:\Windows\System32\winload.efi
2013-05-24 22:09:20   1271584   ----a-w-   C:\Windows\System32\winload.exe
2013-05-24 22:09:20   1217352   ----a-w-   C:\Windows\System32\winresume.efi
2013-05-24 22:09:20   1093904   ----a-w-   C:\Windows\System32\winresume.exe
2013-05-17 02:12:26   819440   ----a-w-   C:\Windows\System32\SynCOM.dll
2013-05-17 02:12:26   351984   ----a-w-   C:\Windows\SysWow64\SynCom.dll
2013-05-17 02:12:22   524016   ----a-w-   C:\Windows\System32\drivers\SynTP.sys
2013-05-17 02:12:22   192240   ----a-w-   C:\Windows\System32\SynTPCo19.dll
2013-05-17 02:12:22   151280   ----a-w-   C:\Windows\SysWow64\SynTPCom.dll
2013-05-17 02:12:20   264432   ----a-w-   C:\Windows\System32\SynTPAPI.dll
2013-05-15 22:37:03   44032   ----a-w-   C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49   53760   ----a-w-   C:\Windows\System32\UXInit.dll
2013-05-15 02:25:44   542208   ----a-w-   C:\Windows\System32\untfs.dll
2013-05-15 02:24:10   793088   ----a-w-   C:\Windows\SysWow64\autochk.exe
2013-05-15 02:24:01   482816   ----a-w-   C:\Windows\SysWow64\untfs.dll
2013-05-14 13:14:01   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17   120736   ----a-w-   C:\Windows\System32\AuthHost.exe
2013-05-04 07:34:17   446720   ----a-w-   C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:15   284416   ----a-w-   C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56   39424   ----a-w-   C:\Windows\System32\wuapp.exe
2013-05-04 06:59:51   1483776   ----a-w-   C:\Windows\System32\VSSVC.exe
2013-05-04 06:59:36   812544   ----a-w-   C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25   98304   ----a-w-   C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25   251904   ----a-w-   C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25   141824   ----a-w-   C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24   1619968   ----a-w-   C:\Windows\System32\wucltux.dll
2013-05-04 06:59:21   2842112   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08   13644288   ----a-w-   C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54   328192   ----a-w-   C:\Windows\System32\ubpm.dll
2013-05-04 06:58:54   10116096   ----a-w-   C:\Windows\System32\twinui.dll
2013-05-04 06:58:49   173568   ----a-w-   C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:49   1332736   ----a-w-   C:\Windows\System32\sysmain.dll
2013-05-04 06:58:48   330240   ----a-w-   C:\Windows\System32\stobject.dll
2013-05-04 06:58:28   93696   ----a-w-   C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02   470528   ----a-w-   C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02   151552   ----a-w-   C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01   169984   ----a-w-   C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59   17408   ----a-w-   C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46   560640   ----a-w-   C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:15   501760   ----a-w-   C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05   179712   ----a-w-   C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05   122368   ----a-w-   C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04   389120   ----a-w-   C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04   2305024   ----a-w-   C:\Windows\System32\authui.dll
2013-05-04 06:57:00   708096   ----a-w-   C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00   1131520   ----a-w-   C:\Windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53   419840   ----a-w-   C:\Windows\System32\intl.cpl
2013-05-04 04:58:34   34304   ----a-w-   C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14   758784   ----a-w-   C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02   83968   ----a-w-   C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02   125952   ----a-w-   C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:58   2620928   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49   10788864   ----a-w-   C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39   8857088   ----a-w-   C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39   247296   ----a-w-   C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35   303616   ----a-w-   C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16   18432   ----a-w-   C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04   151040   ----a-w-   C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04   115712   ----a-w-   C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02   14336   ----a-w-   C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48   411136   ----a-w-   C:\Windows\SysWow64\mfmp4srcsnk.dll
.
============= FINISH: 13:13:52.18 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2013 7:40:45 PM
System Uptime: 7/18/2013 8:31:05 AM (5 hours ago)
.
Motherboard: Hewlett-Packard |  | 1854
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz | U3E1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 394.74 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 2.738 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 7/12/2013 12:02:16 AM - Installed Skype™ 6.3
RP5: 7/13/2013 12:13:41 PM - Paint.NET v3.5.10
RP6: 7/14/2013 12:19:06 PM - Removed Smileys We Love Toolbar for IE
RP7: 7/17/2013 10:40:25 AM - ComboFix created restore point
RP8: 7/18/2013 12:42:41 PM - Revo Uninstaller's restore point - GetSavin
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Google Chrome
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Paint.NET v3.5.10
Peggle Nights
Penguins!
Pokki
Polar Bowler
Polar Golfer
QuickShare
Ralink RT5390R 802.11bgn Wi-Fi Adapter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
RegCure Pro
Revo Uninstaller 1.95
Roads of Rome 3
Skype™ 6.3
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Tiny Media Player v1.0
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/18/2013 8:31:40 AM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
7/18/2013 7:37:25 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/18/2013 7:36:49 AM, Error: Application Popup [1060]  -
7/17/2013 4:48:04 PM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2836988).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2820330).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2808679).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2805966).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2829361).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2781197).
7/17/2013 10:41:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833959).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2845533).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2822241).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2811660).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2800033).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2798162).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2795944).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2777294).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2769165).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2769034).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Windows 8 for x64-based Systems (KB2768703).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft Camera Codec Pack for Windows 8 for x64-based Systems (KB2859541).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft Camera Codec Pack for Windows 8 for x64-based Systems (KB2779444).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2805227).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2805222).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2750149).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2850851).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2845690).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2845187).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2839894).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2835364).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2835361).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2830290).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2829254).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2813430).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2807986).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2803821).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2785220).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2770660).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2753842).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Windows 8 for x64-based Systems (KB2727528).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64 (KB2742614).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840632).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833958).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804583).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789649).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2737084).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2844289).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840633).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2832418).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804584).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789650).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2742616).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2736693).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB2857645).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0923: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB2846071).
7/17/2013 10:41:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F0841: Update for Windows 8 for x64-based Systems (KB2771431).
.
==== End Of File ===========================


Thank you, and this time I am going back to bed for sure for a few hours before work tonight.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 18, 2013, 10:36:55 PM
Hi, 4on4off.

I don't like that files that have been shown as removed keep showing up and, from what I'm seeing, shouldn't be! Regarding AdwCleaner that you ran previously: Was it a "fresh" copy you downloaded so you were using the latest version? The same question applies to the Junkware Removal Tool (JRT). AdwCleaner is generally updated twice a month; however, JRT is updated more frequently.

To be sure you have the latest versions, let's use a fresh copy of both. 

1.  Uninstall the version of AdwCleaner currently on the computer.   
2.  Download a fresh copy of AdwCleaner from AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your Desktop.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1.

3.  Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.

4.  If the computer wasn't restarted after scanning with JRT, please do so first and then run ComboFix.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Code:
Folder::
C:\Users\Ashley\AppData\Roaming\TuneUp Software
C:\ProgramData\TuneUp Software
C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
C:\Program Files (x86)\SqueekyChocolate, LLC
C:\Users\Ashley\AppData\Local\Updater21058
C:\Program Files (x86)\MyPC Backup

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 18, 2013, 11:17:21 PM
Hi Corrine,

I did as you asked for AdwCleaner and JRT.

Here are the logs:

# AdwCleaner v2.305 - Logfile created 07/18/2013 at 16:44:33
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Ashley - SKAIA
# Boot Mode : Normal
# Running from : C:\Users\Ashley\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.22] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.25] : keyword = "search.conduit.com",
Deleted [l.29] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27[...]
Deleted [l.30] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

*************************

AdwCleaner[S1].txt - [1053 octets] - [18/07/2013 16:44:33]

########## EOF - C:\AdwCleaner[S1].txt - [1113 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 8 x64
Ran by Ashley on Thu 07/18/2013 at 16:50:52.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ashley\appdata\local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/18/2013 at 16:53:45.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the combofix log:

ComboFix 13-07-18.04 - Ashley 07/18/2013  17:02:18.4.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.3147 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\aff.conf
c:\program files (x86)\MyPC Backup\Config\api.ts2
c:\program files (x86)\MyPC Backup\Database\mpcb_version_queue.db
c:\program files (x86)\MyPC Backup\log\AUTH.log
c:\program files (x86)\MyPC Backup\log\CLIENT.log
c:\program files (x86)\MyPC Backup\log\LICENCE.log
c:\program files (x86)\MyPC Backup\log\REMOTING.log
c:\program files (x86)\MyPC Backup\log\REQUEST.log
c:\program files (x86)\MyPC Backup\log\SERVICE.log
c:\program files (x86)\MyPC Backup\log\UPDATER.log
c:\program files (x86)\MyPC Backup\mypcbackup.ico
c:\program files (x86)\SqueekyChocolate, LLC
c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
c:\programdata\TuneUp Software
c:\programdata\TuneUp Software\TU2013\TUProgRating.10.tudb
c:\programdata\TuneUp Software\TU2013\TUReportData.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities 2013\TTUSvclrt.tt
c:\programdata\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.2013.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\scsi#disk&ven_ata&prod_hitachi_hts54505#4&4b3c5a3&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.xml
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgManagerCache.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUTuningIndex.10.2.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.13.tudb
c:\users\Ashley\AppData\Local\Updater21058
c:\users\Ashley\AppData\Local\Updater21058\Updater21058.exe
c:\users\Ashley\AppData\Roaming\TuneUp Software
c:\users\Ashley\AppData\Roaming\TuneUp Software\TU2013\Dashboard\IntegratorStates_en-US.xml
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 00:08 . 2013-07-19 00:08   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-18 15:22 . 2013-06-27 22:04   78200   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22 . 2013-06-27 22:04   693112   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 15:21 . 2013-07-18 15:21   --------   d-----w-   c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-17 23:45 . 2012-09-20 09:10   2367528   ----a-w-   c:\windows\system32\WSService.dll
2013-07-17 23:45 . 2012-09-20 07:55   3265256   ----a-w-   c:\windows\system32\drivers\evbda.sys
2013-07-17 23:45 . 2012-09-20 06:33   2397184   ----a-w-   c:\windows\system32\WpcMon.exe
2013-07-17 23:45 . 2012-09-20 06:30   3847168   ----a-w-   c:\windows\system32\d2d1.dll
2013-07-17 23:45 . 2012-09-20 06:33   3964416   ----a-w-   c:\windows\system32\WinSAT.exe
2013-07-17 23:43 . 2012-09-27 07:15   301568   ----a-w-   c:\windows\system32\newdev.dll
2013-07-17 23:43 . 2012-09-27 07:17   76288   ----a-w-   c:\windows\system32\newdev.exe
2013-07-17 23:43 . 2012-09-27 07:17   75264   ----a-w-   c:\windows\system32\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:35   74240   ----a-w-   c:\windows\SysWow64\newdev.exe
2013-07-17 23:43 . 2012-09-27 06:35   73728   ----a-w-   c:\windows\SysWow64\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:34   275968   ----a-w-   c:\windows\SysWow64\newdev.dll
2013-07-17 23:43 . 2012-10-02 07:34   68608   ----a-w-   c:\windows\system32\wwanprotdim.dll
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 19:59 . 2012-10-17 04:32   1172992   ----a-w-   c:\windows\system32\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 04:32   677888   ----a-w-   c:\windows\system32\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 04:32   673280   ----a-w-   c:\windows\system32\mfmpeg2srcsnk.dll
2013-07-17 19:59 . 2012-10-17 03:57   929792   ----a-w-   c:\windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 03:57   568832   ----a-w-   c:\windows\SysWow64\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 03:57   513024   ----a-w-   c:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:58 . 2012-10-12 06:13   109568   ----a-w-   c:\windows\system32\dskquota.dll
2013-07-17 19:58 . 2012-10-12 05:39   82944   ----a-w-   c:\windows\SysWow64\dskquota.dll
2013-07-17 19:58 . 2012-10-24 04:54   396008   ----a-w-   c:\windows\system32\hal.dll
2013-07-17 19:50 . 2012-12-04 04:21   368640   ----a-w-   c:\windows\system32\sppwinob.dll
2013-07-17 19:48 . 2012-11-20 05:24   1164800   ----a-w-   c:\windows\SysWow64\Display.dll
2013-07-17 19:47 . 2012-11-06 04:20   93696   ----a-w-   c:\windows\SysWow64\WcnApi.dll
2013-07-17 19:46 . 2013-05-15 22:35   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-14 18:56 . 2012-11-26 02:15   16114176   ----a-w-   c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56 . 2012-11-26 02:14   15541248   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-14 02:37 . 2012-08-31 00:52   17888   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2013-07-14 02:37 . 2012-08-31 00:53   17888   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33 . 2013-05-15 02:25   888320   ----a-w-   c:\windows\system32\autochk.exe
2013-07-14 02:32 . 2013-05-23 23:01   1300992   ----a-w-   c:\windows\system32\gdi32.dll
2013-07-14 02:32 . 2013-05-23 22:27   1022464   ----a-w-   c:\windows\SysWow64\gdi32.dll
2013-07-14 02:26 . 2013-04-09 04:50   65024   ----a-w-   c:\windows\system32\msscntrs.dll
2013-07-13 19:18 . 2013-07-18 19:48   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-18 19:47   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 03:31 . 2012-10-24 03:25   13312   ----a-w-   c:\windows\system32\pcalua.exe
2013-07-13 03:31 . 2012-10-24 03:24   405504   ----a-w-   c:\windows\system32\pcasvc.dll
2013-07-13 03:31 . 2012-10-24 03:24   31232   ----a-w-   c:\windows\system32\pcadm.dll
2013-07-13 03:31 . 2012-10-24 03:05   11776   ----a-w-   c:\windows\system32\pcaevts.dll
2013-07-13 03:25 . 2013-03-22 03:49   2382336   ----a-w-   c:\windows\SysWow64\esent.dll
2013-07-13 03:25 . 2013-03-02 08:23   375808   ----a-w-   c:\windows\SysWow64\ReAgent.dll
2013-07-13 03:25 . 2013-03-02 02:44   1011200   ----a-w-   c:\windows\system32\reseteng.dll
2013-07-13 03:25 . 2012-12-15 04:55   443392   ----a-w-   c:\windows\system32\ReAgent.dll
2013-07-13 03:25 . 2012-11-03 05:26   132096   ----a-w-   c:\windows\system32\sysreset.exe
2013-07-13 03:25 . 2012-11-03 05:25   945152   ----a-w-   c:\windows\system32\resetengmig.dll
2013-07-13 03:25 . 2013-03-21 22:47   2851840   ----a-w-   c:\windows\system32\esent.dll
2013-07-13 03:16 . 2013-04-10 22:35   2035200   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1617920   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 03:16 . 2013-04-10 22:35   1306112   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16 . 2013-04-10 22:35   1272320   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1029632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1413632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1318912   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 03:16 . 2013-04-16 02:34   1455368   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:14 . 2013-06-01 09:25   496640   ----a-w-   c:\windows\SysWow64\qedit.dll
2013-07-13 03:13 . 2013-05-04 06:59   2842112   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-13 03:12 . 2012-11-07 23:04   149264   ----a-w-   c:\program files\Windows Defender\SymSrv.dll
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-18  17:10:45
ComboFix-quarantined-files.txt  2013-07-19 00:10
ComboFix2.txt  2013-07-18 14:39
ComboFix3.txt  2013-07-17 20:08
ComboFix4.txt  2013-07-17 17:51
.
Pre-Run: 424,339,243,008 bytes free
Post-Run: 424,014,635,008 bytes free
.
- - End Of File - - C1D9FD95965CE9F25E3770A679398B06
D41D8CD98F00B204E9800998ECF8427E


Also, previous to running these last three scans I have not seen the biz coaching popup nor the ads suggesting downloading a player or a missing plug in.

Since I uninstalled AVG Safe Search and Norton, I will make sure Windows Defender is running after we are all clear here.

Heading into work and will check back in in 14 hours.

Thanks again.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 19, 2013, 12:17:05 AM
My brain is too foggy to look at the ComboFix log tonight -- other than still seeing those same files that should be gone.  It is also interesting that AdwCleaner and JRT both found additional files even though you ran both a couple days ago.

I'll take a fresh look tomorrow. 

Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 19, 2013, 01:11:32 AM
Sounds good Corrine and thank you.

Time for some barge unloading! Looks like another 5 hour energy night.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 19, 2013, 04:26:44 PM
Let's try this again.  It appears there is a backup registry entry and folder that need to be removed.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Code:
Folder::
c:\users\Ashley\AppData\Local\getsavin
c:\users\Ashley\AppData\Local\DefineExt
c:\program files (x86)\SqueekyChocolate, LLC

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

There is an old version of Google Chrome on the system (Google Chrome 28.0.1500.71).  To remove it, please download and run OldChromeRemover (http://download.thewebatom.net/4f1464d0018cc/OldChromeRemover-0.5.exe).  Note:  Windows Vista/Windows 7-8 users must use “Run As Administrator.”
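As an added example (not code from this thread, from ComboFix or from its authors), the Python script below parses the Browser Helper Object entries from the "Reg Loading Points" section of a ComboFix log in the shape shown in this thread, flags loaders that sit in a user-writable profile directory, point at a non-DLL module, or match a component name the analyst has already identified as unwanted, and emits the Folder:: and Registry:: stanzas of a CFScript like the one in this post. The sample log text is constructed; its three real BHO entries are the ones reported in this thread, and the all-zero CLSID is a placeholder for a legitimate vendor BHO that should not be flagged.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the shape of a ComboFix "Reg Loading Points" section.
# ComboFix shortens the key path with "~" and appends markers such as "[BU]".
# The all-zero CLSID is a placeholder, not a real registration.
SAMPLE_REG_LOADING_POINTS = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]
c:\program files (x86)\Example Vendor\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
"""

# A BHO key line: [HKEY_...\Browser Helper Objects\{CLSID}]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\}))\]$")
# Module paths under a user's profile: anything there is writable without admin rights.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\(local|roaming|locallow)\\", re.I)
# Roots under which the first path component is the application folder to target.
ROOTS_RE = re.compile(
    r"^(?P<root>[a-z]:\\(?:users\\[^\\]+\\appdata\\(?:local|roaming|locallow)"
    r"|program files \(x86\)|program files|programdata))\\(?P<top>[^\\]+)",
    re.I,
)


def parse_bho_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (registry_key, clsid, module_path) for each BHO entry in the log."""
    entries = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        # The in-process server path is on the next line; drop trailing "[BU]"-style markers.
        path = re.sub(r"\s+\[[A-Za-z]+\]\s*$", "", lines[i + 1]).strip()
        entries.append((m.group(1), m.group(2), path))
    return entries


def suspicious_reasons(path: str, known_unwanted: Tuple[str, ...] = ()) -> List[str]:
    """Defensive heuristics: why a BHO loader path deserves the analyst's attention."""
    reasons = []
    low = path.lower()
    if USER_WRITABLE_RE.search(low):
        reasons.append("module lives in a user-writable profile directory")
    if not low.endswith(".dll"):
        reasons.append("in-process server is not a .dll")
    for name in known_unwanted:
        if name.lower() in low:
            reasons.append(f"path matches analyst-identified unwanted component '{name}'")
    return reasons


def top_level_folder(path: str) -> Optional[str]:
    # Map e.g. c:\users\Ashley\AppData\Local\getsavin\ie\x.dll to the application
    # folder c:\users\Ashley\AppData\Local\getsavin, the unit a cleanup script removes.
    m = ROOTS_RE.match(path)
    if not m:
        return None
    return f"{m.group('root')}\\{m.group('top')}"


def build_cfscript(entries, known_unwanted=()) -> Tuple[str, List[Tuple[str, List[str]]]]:
    """Emit Folder:: and Registry:: stanzas for flagged BHOs; also return the findings."""
    folders, keys, findings = [], [], []
    for key, clsid, path in entries:
        reasons = suspicious_reasons(path, known_unwanted)
        if not reasons:
            continue
        findings.append((clsid, reasons))
        folder = top_level_folder(path)
        if folder and folder not in folders:
            folders.append(folder)
        keys.append(f"[-{key}]")  # leading "-" tells ComboFix to delete the key
    script = "Folder::\n" + "\n".join(folders) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"
    return script, findings


def analyse_sample():
    # "SqueekyChocolate" was already identified as unwanted earlier in this thread.
    entries = parse_bho_entries(SAMPLE_REG_LOADING_POINTS)
    return build_cfscript(entries, known_unwanted=("SqueekyChocolate",))


if __name__ == "__main__":
    script, findings = analyse_sample()
    for clsid, reasons in findings:
        print(clsid, "->", "; ".join(reasons))
    print(script)
```

The generated stanzas reproduce the three folders and three key deletions of the CFScript above; the placeholder vendor BHO in Program Files is left alone because none of the heuristics fire on it.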
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 19, 2013, 04:48:43 PM
Here is the combofix log:

ComboFix 13-07-18.04 - Ashley 07/19/2013  10:37:05.5.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3974.2934 [GMT -7:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashley\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-19 to 2013-07-19  )))))))))))))))))))))))))))))))
.
.
2013-07-19 17:41 . 2013-07-19 17:41   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-18 15:22 . 2013-06-27 22:04   78200   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:22 . 2013-06-27 22:04   693112   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 15:21 . 2013-07-18 15:21   --------   d-----w-   c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-17 23:45 . 2012-09-20 09:10   2367528   ----a-w-   c:\windows\system32\WSService.dll
2013-07-17 23:45 . 2012-09-20 07:55   3265256   ----a-w-   c:\windows\system32\drivers\evbda.sys
2013-07-17 23:45 . 2012-09-20 06:33   2397184   ----a-w-   c:\windows\system32\WpcMon.exe
2013-07-17 23:45 . 2012-09-20 06:30   3847168   ----a-w-   c:\windows\system32\d2d1.dll
2013-07-17 23:45 . 2012-09-20 06:33   3964416   ----a-w-   c:\windows\system32\WinSAT.exe
2013-07-17 23:43 . 2012-09-27 07:15   301568   ----a-w-   c:\windows\system32\newdev.dll
2013-07-17 23:43 . 2012-09-27 07:17   76288   ----a-w-   c:\windows\system32\newdev.exe
2013-07-17 23:43 . 2012-09-27 07:17   75264   ----a-w-   c:\windows\system32\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:35   74240   ----a-w-   c:\windows\SysWow64\newdev.exe
2013-07-17 23:43 . 2012-09-27 06:35   73728   ----a-w-   c:\windows\SysWow64\ndadmin.exe
2013-07-17 23:43 . 2012-09-27 06:34   275968   ----a-w-   c:\windows\SysWow64\newdev.dll
2013-07-17 23:43 . 2012-10-02 07:34   68608   ----a-w-   c:\windows\system32\wwanprotdim.dll
2013-07-17 23:38 . 2013-07-17 23:38   --------   d-----w-   c:\program files (x86)\VS Revo Group
2013-07-17 19:59 . 2012-10-17 04:32   1172992   ----a-w-   c:\windows\system32\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 04:32   677888   ----a-w-   c:\windows\system32\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 04:32   673280   ----a-w-   c:\windows\system32\mfmpeg2srcsnk.dll
2013-07-17 19:59 . 2012-10-17 03:57   929792   ----a-w-   c:\windows\SysWow64\mfnetsrc.dll
2013-07-17 19:59 . 2012-10-17 03:57   568832   ----a-w-   c:\windows\SysWow64\mfnetcore.dll
2013-07-17 19:59 . 2012-10-17 03:57   513024   ----a-w-   c:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-17 19:58 . 2012-10-12 06:13   109568   ----a-w-   c:\windows\system32\dskquota.dll
2013-07-17 19:58 . 2012-10-12 05:39   82944   ----a-w-   c:\windows\SysWow64\dskquota.dll
2013-07-17 19:58 . 2012-10-24 04:54   396008   ----a-w-   c:\windows\system32\hal.dll
2013-07-17 19:50 . 2012-12-04 04:21   368640   ----a-w-   c:\windows\system32\sppwinob.dll
2013-07-17 19:48 . 2012-11-20 05:24   1164800   ----a-w-   c:\windows\SysWow64\Display.dll
2013-07-17 19:47 . 2012-11-06 04:20   93696   ----a-w-   c:\windows\SysWow64\WcnApi.dll
2013-07-17 19:46 . 2013-05-15 22:35   144384   ----a-w-   c:\windows\system32\tssdisai.dll
2013-07-17 16:25 . 2013-07-17 16:25   252080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10210.bin
2013-07-17 08:07 . 2013-07-17 08:07   --------   d-----w-   c:\windows\ERUNT
2013-07-17 06:51 . 2013-07-17 06:51   173   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-07-17 05:23 . 2013-07-17 16:30   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\programdata\Malwarebytes
2013-07-17 04:40 . 2013-07-17 04:40   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-17 04:40 . 2013-04-04 21:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-07-14 18:56 . 2012-11-26 02:15   16114176   ----a-w-   c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:56 . 2012-11-26 02:14   15541248   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-14 18:51 . 2013-06-24 07:41   78185248   ----a-w-   c:\windows\system32\MRT.exe
2013-07-14 18:49 . 2013-07-14 18:49   --------   d-----w-   c:\program files (x86)\Tiny Media Player
2013-07-14 02:37 . 2012-08-31 00:52   17888   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2013-07-14 02:37 . 2012-08-31 00:53   17888   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2013-07-14 02:33 . 2013-05-15 02:25   888320   ----a-w-   c:\windows\system32\autochk.exe
2013-07-14 02:32 . 2013-05-23 23:01   1300992   ----a-w-   c:\windows\system32\gdi32.dll
2013-07-14 02:32 . 2013-05-23 22:27   1022464   ----a-w-   c:\windows\SysWow64\gdi32.dll
2013-07-14 02:26 . 2013-04-09 04:50   65024   ----a-w-   c:\windows\system32\msscntrs.dll
2013-07-13 19:18 . 2013-07-18 19:48   --------   d-----w-   c:\program files (x86)\Common Files\Symantec Shared
2013-07-13 19:15 . 2013-07-13 19:15   --------   d-----w-   c:\program files\Paint.NET
2013-07-13 19:13 . 2013-07-13 19:13   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 19:13 . 2013-07-18 19:47   --------   d-----w-   c:\programdata\AVG SafeGuard toolbar
2013-07-13 19:12 . 2013-07-13 19:12   --------   d--h--w-   c:\programdata\Common Files
2013-07-13 03:31 . 2012-10-24 03:25   13312   ----a-w-   c:\windows\system32\pcalua.exe
2013-07-13 03:31 . 2012-10-24 03:24   405504   ----a-w-   c:\windows\system32\pcasvc.dll
2013-07-13 03:31 . 2012-10-24 03:24   31232   ----a-w-   c:\windows\system32\pcadm.dll
2013-07-13 03:31 . 2012-10-24 03:05   11776   ----a-w-   c:\windows\system32\pcaevts.dll
2013-07-13 03:25 . 2013-03-22 03:49   2382336   ----a-w-   c:\windows\SysWow64\esent.dll
2013-07-13 03:25 . 2013-03-02 08:23   375808   ----a-w-   c:\windows\SysWow64\ReAgent.dll
2013-07-13 03:25 . 2013-03-02 02:44   1011200   ----a-w-   c:\windows\system32\reseteng.dll
2013-07-13 03:25 . 2012-12-15 04:55   443392   ----a-w-   c:\windows\system32\ReAgent.dll
2013-07-13 03:25 . 2012-11-03 05:26   132096   ----a-w-   c:\windows\system32\sysreset.exe
2013-07-13 03:25 . 2012-11-03 05:25   945152   ----a-w-   c:\windows\system32\resetengmig.dll
2013-07-13 03:25 . 2013-03-21 22:47   2851840   ----a-w-   c:\windows\system32\esent.dll
2013-07-13 03:16 . 2013-04-10 22:35   2035200   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1617920   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-07-13 03:16 . 2013-04-10 22:35   1306112   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-07-13 03:16 . 2013-04-10 22:35   1272320   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1029632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-13 03:16 . 2013-04-11 04:12   1413632   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-13 03:16 . 2013-04-10 22:35   1318912   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-07-13 03:16 . 2013-04-16 02:34   1455368   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-07-13 03:16 . 2012-11-10 04:22   122880   ----a-w-   c:\windows\system32\VmHostAI.dll
2013-07-13 03:16 . 2012-11-10 04:22   126976   ----a-w-   c:\windows\system32\RDWebAI.dll
2013-07-13 03:16 . 2012-11-10 04:20   135680   ----a-w-   c:\windows\system32\appserverai.dll
2013-07-13 03:16 . 2012-11-10 04:23   132608   ----a-w-   c:\windows\SysWow64\poqexec.exe
2013-07-13 03:16 . 2012-11-10 04:23   148480   ----a-w-   c:\windows\system32\poqexec.exe
2013-07-13 03:14 . 2013-06-01 09:25   496640   ----a-w-   c:\windows\SysWow64\qedit.dll
2013-07-13 03:13 . 2013-05-04 06:59   2842112   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-13 03:12 . 2012-11-07 23:04   149264   ----a-w-   c:\program files\Windows Defender\SymSrv.dll
2013-07-13 03:08 . 2012-11-01 04:40   2361344   ----a-w-   c:\windows\system32\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1802240   ----a-w-   c:\windows\SysWow64\msxml6.dll
2013-07-13 03:08 . 2012-11-01 04:41   1438720   ----a-w-   c:\windows\SysWow64\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:40   1836032   ----a-w-   c:\windows\system32\msxml3.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:21   2048   ----a-w-   c:\windows\system32\msxml3r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml6r.dll
2013-07-13 03:08 . 2012-11-01 04:20   2048   ----a-w-   c:\windows\SysWow64\msxml3r.dll
2013-07-12 17:18 . 2013-07-12 17:18   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-07-12 17:18 . 2013-07-12 17:18   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----r-   c:\program files (x86)\Skype
2013-07-12 07:02 . 2013-07-12 07:02   --------   d-----w-   c:\programdata\Skype
2013-07-12 06:58 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2013-07-12 06:57 . 2013-07-12 06:58   --------   d-----w-   c:\program files (x86)\Real
2013-07-12 06:57 . 2013-07-12 06:57   --------   d-----w-   c:\program files (x86)\Google
2013-07-12 02:40 . 2013-07-12 02:45   --------   d-----w-   c:\users\Ashley
2013-07-12 02:33 . 2013-07-13 21:27   --------   d--h--r-   c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 19:21 . 2012-07-26 08:13   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-12 06:57 . 2012-09-02 04:37   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2013-07-12 06:57 . 2012-09-02 04:37   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2013-05-17 02:12 . 2013-05-17 02:12   351984   ----a-w-   c:\windows\SysWow64\SynCom.dll
2013-05-17 02:12 . 2012-09-02 05:12   819440   ----a-w-   c:\windows\system32\SynCOM.dll
2013-05-17 02:12 . 2013-05-17 02:12   524016   ----a-w-   c:\windows\system32\drivers\SynTP.sys
2013-05-17 02:12 . 2013-05-17 02:12   192240   ----a-w-   c:\windows\system32\SynTPCo19.dll
2013-05-17 02:12 . 2013-05-17 02:12   151280   ----a-w-   c:\windows\SysWow64\SynTPCom.dll
2013-05-17 02:12 . 2013-05-17 02:12   264432   ----a-w-   c:\windows\system32\SynTPAPI.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-12 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost   REG_MULTI_SZ      apphostsvc
iissvcs   REG_MULTI_SZ      w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:33   1173456   ----a-w-   c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 19:56]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 06:57]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14 07:02]
.
2013-07-16 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2012-07-26 03:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 440640]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-19  10:43:27
ComboFix-quarantined-files.txt  2013-07-19 17:43
ComboFix2.txt  2013-07-19 00:10
ComboFix3.txt  2013-07-18 14:39
ComboFix4.txt  2013-07-17 20:08
ComboFix5.txt  2013-07-19 17:36
.
Pre-Run: 424,413,298,688 bytes free
Post-Run: 424,095,965,184 bytes free
.
- - End Of File - - EC561C9E73147F7E1566ED92CD5B298D
D41D8CD98F00B204E9800998ECF8427E


4
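The two posts above (Corrine's CFScript and the "Reg Loading Points" section of the ComboFix log it targets) are the kind of thing a helper cross-checks by eye. As an added example, not code from the thread, from ComboFix or from its authors, here is a small Python parser that pulls each Browser Helper Object entry out of a ComboFix log, flags the traits that make the three entries here worth a second look (in-process server loading from a user's AppData folder, a server that is not a .dll at all, and the [BU] marker Corrine reads as a surviving backup copy), and then checks a CFScript's Registry:: section so that no flagged CLSID is left out. The log and script fragments are constructed from the thread's own entries; the script fragment deliberately covers only two of the three so the coverage check has something to report.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the "Reg Loading Points" section of the
# ComboFix log posted above (same CLSIDs and paths as in the thread, plus the
# Skype Run entry, which is not a BHO and must be ignored by the parser).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
c:\users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Ashley\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}]
c:\program files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024]
.
"""

# Constructed CFScript fragment: only two of the three BHO keys are deleted,
# so the coverage check below reports the third one.
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
"""

# ComboFix prints the key on one line and the resolved in-process server on
# the next; "~" is its shorthand for the middle of the key path.
BHO_KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\(.*?\\Browser Helper Objects)\\(\{[0-9A-Fa-f-]{36}\})\]$')
USER_PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I)


@dataclass
class BhoEntry:
    hive: str            # HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    wow64: bool          # key sits under Wow6432Node (32-bit Internet Explorer view)
    clsid: str           # normalised to upper case so script and log compare cleanly
    path: str            # in-process server ComboFix resolved for the CLSID
    backup: bool         # payload line carried ComboFix's [BU] marker
    reasons: list = field(default_factory=list)


def parse_bho_entries(log_text):
    """Return every Browser Helper Object entry listed in a ComboFix log."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line)
        if not m:
            continue
        hive, subkey, clsid = m.groups()
        payload = lines[i + 1] if i + 1 < len(lines) else ""
        backup = payload.endswith("[BU]")
        path = payload[:-len("[BU]")].strip() if backup else payload
        entries.append(BhoEntry(hive, "Wow6432Node" in subkey, clsid.upper(), path, backup))
    return entries


def flag(entry):
    """Attach the reasons a defender would want to look twice at this BHO."""
    if USER_PROFILE_RE.match(entry.path):
        entry.reasons.append("server loads from a user profile (AppData), not Program Files")
    if not entry.path.lower().endswith(".dll"):
        entry.reasons.append("in-process server is not a .dll")
    if entry.backup:
        entry.reasons.append("[BU]: ComboFix still lists the entry from a backup copy")
    return entry


def audit(log_text):
    """Parse and flag; return only the BHOs that have at least one reason."""
    return [e for e in map(flag, parse_bho_entries(log_text)) if e.reasons]


def uncovered_by_script(entries, cfscript_text):
    """CLSIDs of flagged BHOs that the CFScript's Registry:: section does not delete."""
    deleted = re.findall(r'\[-HKEY_[^\]]*?(\{[0-9A-Fa-f-]{36}\})\]', cfscript_text)
    deleted = {c.upper() for c in deleted}
    return [e.clsid for e in entries if e.clsid not in deleted]


if __name__ == "__main__":
    flagged = audit(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.clsid}  {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
    for clsid in uncovered_by_script(flagged, SAMPLE_CFSCRIPT):
        print(f"NOT COVERED by CFScript: {clsid}")
```

Run it against a saved ComboFix log by reading the file into `audit()` in place of `SAMPLE_LOG`; the coverage check is the part worth keeping, since a CFScript that misses one key is exactly how an entry comes back on the next run.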
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 19, 2013, 06:12:00 PM
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer.  Save it to your Desktop.
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 19, 2013, 06:42:25 PM
Here are the OTL logs:

OTL logfile created on: 7/19/2013 12:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 74.77% Memory free
7.38 Gb Paging File | 6.41 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 394.96 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 02:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/12 12:56:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 19:18:24 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/01 04:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 04:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/16 19:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/04 00:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 00:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/08 13:17:56 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 19:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: RealDownloader = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
 
O1 HOSTS File: ([2013/07/18 17:08:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (GetSavin 5.0) - {B3522C04-B9DB-4C57-AA22-929092423BDD} - C:\Users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (SmileysWeLoveToolbar) - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/19 12:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 10:45:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2013/07/18 16:49:25 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/18 08:22:02 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/18 08:22:02 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/17 16:45:29 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/07/17 16:45:20 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys
[2013/07/17 16:45:09 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe
[2013/07/17 16:45:04 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/17 16:45:02 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2013/07/17 16:44:59 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys
[2013/07/17 16:44:57 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2013/07/17 16:44:52 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2013/07/17 16:44:52 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll
[2013/07/17 16:44:50 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/17 16:44:50 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2013/07/17 16:44:50 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2013/07/17 16:44:49 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll
[2013/07/17 16:44:49 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2013/07/17 16:44:45 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2013/07/17 16:44:42 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2013/07/17 16:44:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2013/07/17 16:44:39 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2013/07/17 16:44:39 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll
[2013/07/17 16:44:39 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2013/07/17 16:44:39 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2013/07/17 16:44:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/07/17 16:44:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2013/07/17 16:44:37 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2013/07/17 16:44:36 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2013/07/17 16:44:35 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2013/07/17 16:44:35 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2013/07/17 16:44:35 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2013/07/17 16:44:35 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll
[2013/07/17 16:44:34 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2013/07/17 16:44:34 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/07/17 16:44:34 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll
[2013/07/17 16:44:34 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2013/07/17 16:44:33 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2013/07/17 16:44:33 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2013/07/17 16:44:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013/07/17 16:44:32 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2013/07/17 16:44:32 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/07/17 16:44:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2013/07/17 16:44:28 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/07/17 16:44:27 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2013/07/17 16:44:27 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/07/17 16:44:27 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/07/17 16:44:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll
[2013/07/17 16:44:26 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2013/07/17 16:44:26 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2013/07/17 16:44:26 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/07/17 16:44:24 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2013/07/17 16:44:24 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll
[2013/07/17 16:44:24 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll
[2013/07/17 16:44:24 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll
[2013/07/17 16:44:24 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll
[2013/07/17 16:44:23 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll
[2013/07/17 16:44:23 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll
[2013/07/17 16:44:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2013/07/17 16:44:23 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll
[2013/07/17 16:44:22 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2013/07/17 16:44:22 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2013/07/17 16:44:22 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2013/07/17 16:44:22 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013/07/17 16:44:22 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys
[2013/07/17 16:44:21 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013/07/17 16:44:21 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2013/07/17 16:44:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe
[2013/07/17 16:44:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2013/07/17 16:44:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2013/07/17 16:44:20 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2013/07/17 16:44:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2013/07/17 16:44:20 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013/07/17 16:44:19 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll
[2013/07/17 16:44:17 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2013/07/17 16:44:16 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll
[2013/07/17 16:44:16 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2013/07/17 16:44:16 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll
[2013/07/17 16:44:16 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll
[2013/07/17 16:44:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll
[2013/07/17 16:44:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/07/17 16:44:16 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll
[2013/07/17 16:44:16 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe
[2013/07/17 16:44:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll
[2013/07/17 16:44:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2013/07/17 16:44:15 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2013/07/17 16:44:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013/07/17 16:44:14 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/07/17 16:44:14 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/07/17 16:44:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll
[2013/07/17 16:44:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll
[2013/07/17 16:44:13 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/07/17 16:44:13 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/07/17 16:44:13 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll
[2013/07/17 16:44:12 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/07/17 16:44:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe
[2013/07/17 16:44:10 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/07/17 16:44:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll
[2013/07/17 16:44:10 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2013/07/17 16:44:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2013/07/17 16:44:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll
[2013/07/17 16:44:07 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll
[2013/07/17 16:44:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll
[2013/07/17 16:44:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll
[2013/07/17 16:44:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll
[2013/07/17 16:44:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/07/17 16:44:05 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll
[2013/07/17 16:44:05 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll
[2013/07/17 16:44:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll
[2013/07/17 16:44:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll
[2013/07/17 16:44:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll
[2013/07/17 16:44:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2013/07/17 16:43:45 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2013/07/17 16:43:44 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2013/07/17 16:43:44 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2013/07/17 16:43:44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013/07/17 16:43:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013/07/17 16:43:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013/07/17 16:43:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 13:31:49 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/07/17 13:31:47 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/07/17 13:31:46 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/07/17 13:31:45 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/17 13:31:45 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/07/17 13:31:44 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/07/17 13:31:41 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/07/17 13:31:41 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/07/17 13:31:41 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/07/17 13:31:41 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/07/17 13:31:40 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/07/17 13:31:40 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/07/17 13:31:40 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/17 13:31:39 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/07/17 13:31:39 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/07/17 13:31:39 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/17 13:31:39 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/07/17 13:31:39 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/07/17 13:31:38 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/07/17 13:31:37 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/07/17 13:31:36 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/07/17 13:31:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/07/17 13:31:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/07/17 13:31:35 | 000,194,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/07/17 13:31:35 | 000,125,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/07/17 13:31:34 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/07/17 12:59:02 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2013/07/17 12:59:02 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2013/07/17 12:59:02 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2013/07/17 12:59:02 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2013/07/17 12:59:02 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2013/07/17 12:59:02 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2013/07/17 12:58:43 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2013/07/17 12:58:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2013/07/17 12:58:26 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2013/07/17 12:57:43 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2013/07/17 12:57:43 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/17 12:57:42 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2013/07/17 12:57:41 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2013/07/17 12:57:41 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013/07/17 12:57:40 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013/07/17 12:57:36 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013/07/17 12:57:35 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013/07/17 12:57:35 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2013/07/17 12:57:35 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/07/17 12:57:33 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2013/07/17 12:57:33 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/07/17 12:57:32 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2013/07/17 12:57:32 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/07/17 12:57:29 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/07/17 12:57:28 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2013/07/17 12:57:28 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/07/17 12:57:27 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2013/07/17 12:57:25 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2013/07/17 12:57:25 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2013/07/17 12:57:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2013/07/17 12:57:24 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2013/07/17 12:57:23 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2013/07/17 12:57:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/07/17 12:57:22 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2013/07/17 12:57:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2013/07/17 12:57:20 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013/07/17 12:57:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2013/07/17 12:57:18 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/07/17 12:57:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2013/07/17 12:57:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2013/07/17 12:57:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2013/07/17 12:57:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2013/07/17 12:57:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2013/07/17 12:57:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2013/07/17 12:57:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/07/17 12:57:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2013/07/17 12:57:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2013/07/17 12:50:25 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/07/17 12:50:14 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/17 12:50:10 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013/07/17 12:50:10 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013/07/17 12:50:09 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013/07/17 12:50:08 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013/07/17 12:50:08 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013/07/17 12:50:08 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013/07/17 12:50:07 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013/07/17 12:50:06 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013/07/17 12:50:06 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/17 12:50:06 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/17 12:50:06 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/07/17 12:50:06 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/07/17 12:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013/07/17 12:50:06 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013/07/17 12:50:06 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/17 12:50:05 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/07/17 12:50:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/07/17 12:50:05 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/17 12:50:05 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013/07/17 12:50:05 | 000,046,592 | ---- | C] (
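The listing above is in OTL's created-files format (`[created | size | attributes | C] (CompanyName) -- path`, with `---D` marking directories). Reading several thousand such lines by eye is how entries get missed, so here is an added triage script; it is example code written for this page, not part of OTL and not from the logs 4on4off posted. It parses each line, skips any it cannot read (such as the entry the forum cut off above), flags executables under C:\Windows whose CompanyName is not Microsoft's and executables dropped into the user profile, and lists everything created within a few minutes of a chosen file so helper binaries can be tied to the tool run that dropped them. The sample lines are copied from the listing above; the allowlist of ComboFix helper names (SWREG, SWSC, SWXCACLS, NIRCMD), the five-minute window and the extension set are my choices, not anything the page states.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Tuple

# One line of OTL's "Files - Created Within 30 Days" section, as listed above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (CompanyName) -- path
# Directories carry "---D" in the attribute field and have no company part.
# CompanyName is read from the file's version resource, which any binary can
# claim, so it is a triage hint, not proof of origin.
_LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Za-z-]{4}) \| (?P<op>[A-Z])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")  # my choice of "executable"
# Helper binaries ComboFix drops into C:\Windows; expected when ComboFix.exe and
# C:\Qoobox appear in the same listing a couple of minutes earlier.
KNOWN_CLEANUP_HELPERS = frozenset({"swreg.exe", "swsc.exe", "swxcacls.exe", "nircmd.exe"})


@dataclass
class Entry:
    created: datetime
    size: int
    is_dir: bool
    read_only: bool
    company: Optional[str]  # None for directories and files without version info
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one created-file line; None for lines that do not fit the layout
    (for example the entry the forum software cut off mid-line)."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs").upper()
    company = m.group("company")
    return Entry(
        created=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        is_dir="D" in attrs,
        read_only=attrs.startswith("R"),
        company=(company.strip() or None) if company is not None else None,
        path=m.group("path"),
    )


def _file_name(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def triage(lines: Iterable[str], allow: frozenset = KNOWN_CLEANUP_HELPERS
           ) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (findings, skipped): findings are (reason, path) pairs worth a
    second look, skipped are the non-empty lines the parser could not read."""
    findings: List[Tuple[str, str]] = []
    skipped: List[str] = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            if raw.strip():
                skipped.append(raw.strip())
            continue
        if entry.is_dir:
            continue
        name = _file_name(entry.path)
        is_exec = name.endswith(EXEC_EXT)
        claims_microsoft = (entry.company or "").lower().startswith("microsoft")
        lower = entry.path.lower()
        if lower.startswith("c:\\windows\\") and is_exec and not claims_microsoft:
            reason = ("known cleanup helper in Windows dir" if name in allow
                      else "non-Microsoft executable in Windows dir")
            findings.append((reason, entry.path))
        elif lower.startswith("c:\\users\\") and is_exec:
            findings.append(("executable in user profile", entry.path))
        elif is_exec and entry.company is None:
            findings.append(("executable with no CompanyName", entry.path))
    return findings, skipped


def created_near(lines: Iterable[str], anchor_name: str, minutes: int = 5) -> List[str]:
    """Paths created within +/- `minutes` of the entry named anchor_name: ties
    dropped helper files back to the tool run that produced them."""
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]
    anchor = next((e for e in entries if _file_name(e.path) == anchor_name.lower()), None)
    if anchor is None:
        return []
    span = timedelta(minutes=minutes)
    return [e.path for e in entries
            if e is not anchor and abs(e.created - anchor.created) <= span]


# Constructed sample: lines copied from the listing above, plus the entry the
# forum truncated, to show it being reported rather than silently dropped.
SAMPLE_LOG = r"""
[2013/07/17 16:44:24 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/17 10:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/17 10:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/17 10:38:20 | 005,091,168 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/17 09:37:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation          ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/13 19:34:10 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/07/17 12:50:05 | 000,046,592 | ---- | C] (
"""

if __name__ == "__main__":
    found, bad = triage(SAMPLE_LOG.splitlines())
    for reason, path in found:
        print(f"{reason:42} {path}")
    print("unparsed:", bad)
    print("created near ComboFix.exe:", created_near(SAMPLE_LOG.splitlines(), "ComboFix.exe"))
```

On the sample it reports the SteelWerX and NirSoft binaries under C:\Windows as known helpers, and `created_near` shows why: both were created two minutes after ComboFix.exe, which is the correlation an analyst makes before worrying about a non-Microsoft file in the Windows directory. The Desktop hits (ComboFix, dds.scr, the mbam installer) are the cleanup tools themselves. Because CompanyName is whatever the version resource says, a dropper can claim "Microsoft Corporation" and slip past the first filter, so anything that still looks wrong should be checked by digital signature and hash rather than by this field.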
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 19, 2013, 07:39:08 PM
Hi, 4on4off.  The forum software only allows a certain number of characters to be posted so the logs got cut off.  Please locate where it was cut off and copy/paste the rest.

Thanks.
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 20, 2013, 06:37:39 AM
[2013/07/17 12:50:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013/07/17 12:50:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2013/07/17 12:50:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013/07/17 12:48:49 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013/07/17 12:48:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013/07/17 12:48:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013/07/17 12:48:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013/07/17 12:48:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/07/17 12:48:47 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/07/17 12:48:47 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/07/17 12:48:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/07/17 12:48:47 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/07/17 12:48:46 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/07/17 12:48:27 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013/07/17 12:48:16 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013/07/17 12:48:15 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/07/17 12:48:14 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013/07/17 12:48:11 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/07/17 12:48:09 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013/07/17 12:48:05 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013/07/17 12:48:05 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013/07/17 12:48:05 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013/07/17 12:48:04 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013/07/17 12:48:03 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013/07/17 12:48:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013/07/17 12:48:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013/07/17 12:48:02 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013/07/17 12:48:02 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013/07/17 12:48:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013/07/17 12:48:01 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013/07/17 12:48:00 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013/07/17 12:47:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013/07/17 12:47:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013/07/17 12:47:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013/07/17 12:47:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013/07/17 12:47:58 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013/07/17 12:47:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013/07/17 12:47:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013/07/17 12:47:57 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013/07/17 12:47:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013/07/17 12:47:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013/07/17 12:47:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013/07/17 12:46:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/07/17 10:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/17 10:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/17 10:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/07/17 10:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/17 10:39:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 10:38:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/17 10:38:20 | 005,091,168 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/17 09:37:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/17 01:07:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/16 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/16 22:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004
[2013/07/16 21:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 21:40:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/16 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/16 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Programs
[2013/07/16 21:38:29 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 20:39:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Youcam
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\CyberLink
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CyberLink
[2013/07/14 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Add-in Express
[2013/07/14 11:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE
[2013/07/14 11:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny Media Player
[2013/07/14 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiny Media Player
[2013/07/14 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Pokki
[2013/07/14 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CRE
[2013/07/13 19:37:13 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013/07/13 19:37:11 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013/07/13 19:34:24 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/07/13 19:34:21 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/07/13 19:34:20 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/07/13 19:34:16 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/07/13 19:34:14 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/07/13 19:34:13 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/07/13 19:34:13 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/07/13 19:34:12 | 002,305,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/07/13 19:34:12 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/07/13 19:34:12 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/07/13 19:34:12 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/07/13 19:34:12 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/07/13 19:34:12 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/07/13 19:34:11 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/07/13 19:34:10 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/07/13 19:34:10 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/07/13 19:34:10 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/07/13 19:34:10 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/07/13 19:34:10 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/07/13 19:34:10 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2013/07/13 19:34:10 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/07/13 19:34:09 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/07/13 19:34:09 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013/07/13 19:34:09 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/07/13 19:34:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2013/07/13 19:34:08 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2013/07/13 19:34:08 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/07/13 19:34:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2013/07/13 19:34:08 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/07/13 19:34:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/07/13 19:34:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/07/13 19:34:07 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/07/13 19:34:07 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/07/13 19:34:07 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/07/13 19:34:07 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/07/13 19:34:07 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2013/07/13 19:34:07 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2013/07/13 19:34:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/07/13 19:34:07 | 000,058,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/07/13 19:34:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/07/13 19:34:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/07/13 19:34:05 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/07/13 19:34:05 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/07/13 19:34:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/07/13 19:34:05 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2013/07/13 19:34:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/07/13 19:34:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/07/13 19:34:04 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/07/13 19:34:04 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2013/07/13 19:34:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/07/13 19:34:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2013/07/13 19:34:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/07/13 19:33:43 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2013/07/13 19:33:43 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2013/07/13 19:33:43 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2013/07/13 19:33:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2013/07/13 19:33:41 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/07/13 19:33:27 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/07/11 19:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 12:18:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 12:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 12:15:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 12:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 10:54:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/19 10:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/18 17:08:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/18 17:04:26 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 17:04:26 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 17:04:26 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 17:00:47 | 005,091,168 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/18 16:57:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/18 16:57:07 | 3333,857,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 16:49:25 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/18 16:43:53 | 000,662,345 | ---- | M] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:51 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:38:06 | 000,001,268 | ---- | M] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 09:37:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/16 23:51:28 | 000,000,173 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:38:34 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:55 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 21:31:59 | 000,891,022 | ---- | M] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | M] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/13 12:21:46 | 000,002,283 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/13 12:13:11 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/12 21:35:02 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 00:02:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/07/11 23:58:03 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/07/11 23:58:00 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 23:58:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/07/11 23:58:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/07/11 19:53:14 | 000,001,428 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/27 15:04:51 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/27 15:04:51 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/07/18 16:43:53 | 000,662,345 | ---- | C] () -- C:\Users\Ashley\Desktop\adwcleaner.exe
[2013/07/18 08:23:42 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/17 16:44:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013/07/17 16:44:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/07/17 16:38:06 | 000,001,268 | ---- | C] () -- C:\Users\Ashley\Desktop\Revo Uninstaller.lnk
[2013/07/17 13:31:34 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/17 10:40:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/17 10:40:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/17 10:40:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/17 10:40:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/17 10:40:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/16 23:51:07 | 000,000,173 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/16 21:40:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 21:31:58 | 000,891,022 | ---- | C] () -- C:\Users\Ashley\Desktop\SecurityCheck.exe
[2013/07/16 21:28:01 | 013,399,154 | ---- | C] () -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004.zip
[2013/07/13 18:44:17 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001UA.job
[2013/07/13 18:44:16 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1886273126-1053659535-1430386885-1001Core.job
[2013/07/13 12:16:28 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/07/13 12:16:28 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/07/12 12:56:53 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/12 11:03:00 | 000,000,482 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/12 00:02:49 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/12 00:00:42 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/07/11 23:57:38 | 000,002,283 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/11 23:57:37 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 23:57:26 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 23:57:25 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 19:53:14 | 000,001,428 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/11 19:44:56 | 000,001,434 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/11 19:44:34 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/07/11 19:44:31 | 000,002,358 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
[2013/07/11 19:41:52 | 000,000,352 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/11 19:41:52 | 000,000,334 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/08 13:18:04 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/08/08 13:17:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 13:17:52 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/08/03 15:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012/08/17 10:48:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

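Editor's added example (not part of 4on4off's post and not OTL's own code): a small Python triage script for the two OTL sections that appear in the log above, the "[date | size | attrs | C/M] (Company) -- path" file and folder entries and the "ZeroAccess Check" registry dump. The point of that last section is that COM resolves HKEY_CLASSES_ROOT as a merge in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so a per-user InProcServer32 default under one of those shell or WMI CLSIDs redirects the object load for that user without touching any protected HKLM key; in a clean log, as here, the HKCU keys are empty and the HKLM ones point into the Windows directory. The rules below are generic "show it to a human" heuristics, not verdicts. The lines in SAMPLE_FILES are copied from the posted log; the SUSPECT_WINDOW dates are an assumption taken from the dates in the post; the HKCU override line in SAMPLE_CLSID and its path are constructed so the check has a positive hit.

```python
"""Triage helper for OTL log excerpts: file/folder entries and the ZeroAccess
Check block.  Added example; heuristics only, not an OTL feature."""
import re
from dataclasses import dataclass
from datetime import date, datetime

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"   # folder entries carry no (Company)
)
KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<sub>.+?)\](?: /64)?$")
DEFAULT_RE = re.compile(r'^"" = (?P<dll>.+?)(?: -- .*)?$')   # the (Default) value line

# Binaries with an empty Company field inside the Windows directory get a look.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cpl")
# Assumption for this demo: files created between OEM setup and the first
# symptoms are the interesting ones (dates taken from the post).
SUSPECT_WINDOW = (date(2013, 7, 12), date(2013, 7, 16))


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str        # OTL flags R/H/S/D: read-only, hidden, system, directory
    created: bool     # [C] = created, [M] = modified
    company: str
    path: str


def parse_entries(text):
    """Parse every OTL file/folder entry in `text`; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(
                when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                created=m["kind"] == "C",
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
    return out


def triage_entries(entries, window=SUSPECT_WINDOW):
    """Return (reason, path) pairs worth a human's attention."""
    start, end = window
    hits = []
    for e in entries:
        p = e.path.lower()
        is_dir = e.attrs.endswith("D")
        if p.endswith(r"\drivers\etc\hosts"):
            hits.append(("hosts file modified", e.path))
        if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
            hits.append(("scheduled task (.job)", e.path))
        if (not is_dir and not e.company and p.endswith(EXEC_EXT)
                and p.startswith("c:\\windows\\")):
            hits.append(("binary with no company name in Windows dir", e.path))
        if e.created and not is_dir and start <= e.when.date() <= end:
            hits.append(("created in suspect window", e.path))
    return hits


def check_clsid_overrides(text, system_root="c:\\windows"):
    """Walk OTL's ZeroAccess Check block.  Any per-user (HKCU) InProcServer32
    default is a finding, because it wins over HKLM for that user's COM
    activations; an HKLM default outside the Windows directory is one too."""
    findings = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = (km["hive"], km["sub"])
            continue
        dm = DEFAULT_RE.match(line)
        if not (dm and current and current[1].lower().endswith("inprocserver32")):
            continue
        hive, sub = current
        dll = dm["dll"].strip()
        resolved = dll.lower().replace("%systemroot%", system_root)
        if hive == "HKEY_CURRENT_USER":
            findings.append(("HKCU COM override", sub, dll))
        elif not resolved.startswith(system_root):
            findings.append(("InProcServer32 outside Windows dir", sub, dll))
    return findings


# Lines copied from the posted OTL log.
SAMPLE_FILES = r"""
[2013/07/19 12:18:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 17:08:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/15 18:00:01 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/07/13 12:13:11 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/17 10:40:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/16 23:51:07 | 000,000,173 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Searches
"""

# HKLM lines copied from the log; the HKCU "" = ... line is CONSTRUCTED to
# show what a per-user hijack would look like (the real log has none).
SAMPLE_CLSID = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\Ashley\AppData\Local\{constructed}\hijack.dll -- [2013/07/12 00:00:00 | 000,010,240 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

if __name__ == "__main__":
    for reason, path in triage_entries(parse_entries(SAMPLE_FILES)):
        print(f"{reason:45} {path}")
    for finding in check_clsid_overrides(SAMPLE_CLSID):
        print(*finding)
```

Run it as-is and it lists the hosts file, both .job tasks, the two no-company binaries under C:\Windows and the one file created inside the window, plus the constructed HKCU override; swap a full OTL.txt in for the samples to triage a real log. The "created in suspect window" rule is the one that needs the analyst's own dates, and "SysNative" paths are OTL's way of naming the real 64-bit System32 from a 32-bit process, so they are treated as inside the Windows directory.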
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 20, 2013, 06:38:54 AM
OTL Extras logfile created on: 7/19/2013 12:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 74.77% Memory free
7.38 Gb Paging File | 6.41 Gb Available in Paging File | 86.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 394.96 Gb Free Space | 89.26% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D033936-F169-49E8-9435-8505270E7ACA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{36D82B3C-31BF-488A-9463-D21377871A65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056CE0FA-7028-427F-833E-97724F53AEA3}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0D98256F-8128-49D9-A456-BA83022CF5A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{127680ED-EED0-43EA-B31C-62E05E0CC402}" = dir=out | name=youtube now |
"{16175F0C-4FCF-49E5-813C-CB51B7A81FA5}" = dir=out | name=norton studio |
"{16C89016-2D0B-4B69-BDC6-2FE38EDD07E2}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16E4338E-7DDC-4A99-A6B7-EFA34025748E}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{232913AE-F58A-412D-AED3-20ADB207D71D}" = dir=out | name=netflix |
"{295ED328-414E-4005-912C-245BC7C7B2C9}" = dir=out | name=microsoft mahjong |
"{2F76A184-4822-48D5-81D7-A84D44D7BCDD}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{347CE2BF-9213-4599-BEE1-B50E6CB652CE}" = dir=out | name=skype |
"{40D9FA60-0BD6-4E8E-9624-F993D6B41F4B}" = dir=out | name=hp+ |
"{4A0A2AC4-70EF-4E0C-9DAC-C42DE7094B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{4C0F9A9F-F358-443D-9E80-C0AC1DF1A13C}" = dir=out | name=getting started with windows 8 |
"{4D5E83E9-9AF0-467F-8FAC-A1F1FD693DEA}" = dir=out | name=hp registration |
"{4E6763C9-8735-4D26-A147-ADA76AB9D889}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E98480B-F2D3-4971-B00C-E31791C23FE4}" = dir=out | name=flow free |
"{55940E40-1247-450F-AA20-A779365BE37F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{565B39B5-FB15-4D96-9C49-E7D0300834A7}" = dir=out | name=facebook now |
"{6012208F-0ABB-41EC-8DE8-8D9D3D1A5300}" = dir=in | name=hp connected photo powered by snapfish |
"{63C8DB43-825F-41FA-8C80-E47FC6C527D5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6A12087F-EF7C-4FA8-8D1D-1F7E0231284D}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{6A5A80D1-BED8-4E13-BFAE-D49CB6AEA67D}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{7709DE49-9807-432A-873F-CE172C180B19}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{791AEA90-D417-4D6F-B3BF-98C6A684A876}" = dir=out | name=ebay |
"{7FBCA126-1DFA-4CD9-B468-FB08AF6D72EA}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85548053-3389-4EE0-9AA5-DD56253F8E81}" = dir=in | name=hp+ |
"{8917CD41-853D-4194-960D-24177F501042}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{905125E9-F051-4A7A-8388-E89DE791394E}" = dir=out | name=tumblr now |
"{91A0AFBD-155E-449B-AF3A-6583ECFB08DE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{924F7C0B-2B71-4750-8B8F-6E56E756E90A}" = dir=out | name=hp connected photo powered by snapfish |
"{BD40F4BC-C3DC-4E45-9DF6-14DDEE0DD31A}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{BFAE7A54-2261-4571-83B7-606444C94C2C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C4576725-5893-4D6C-8293-AB289C77EE71}" = dir=out | name=microsoft solitaire collection |
"{C8570DC9-4048-44F2-A224-D2F836322030}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{CFEEB326-7EEC-4BC2-8308-7646B64E0577}" = dir=out | name=iheartradio |
"{D82C70A1-2CD2-4231-A792-9D610B697590}" = dir=out | name=photo editor |
"{D9F620E2-B911-47F4-B653-06FC939E9301}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA550552-7BA1-4B35-AFD8-DC5BE1544620}" = dir=in | name=skype |
"{E4FC2A0A-F7AF-448A-BEB8-5C67F650B525}" = dir=out | name=kindle |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ECEF9D1A-3B8F-4AFD-8DD8-C812ADC2BCE1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F07430BF-3294-495B-B4AF-548124B97B99}" = dir=in | name=ebay |
"{F31AD9AA-5191-41A9-8D4B-C3598AFBD30E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F4454ACA-398A-453E-8A78-C90489283FA2}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FC6AEBF5-BF0F-4C9F-AD4D-F1C824405BE1}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"TCP Query User{B37B20AD-10D8-412D-A67C-D8540B1AAE43}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{46B13E25-66B2-4607-BC4C-5FC74699A5F0}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04DB50FA-EA80-4256-85F9-540C582E280D}" = QuickShare
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}" = HP Documentation
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.95
"Tiny Media Player_is1" = Tiny Media Player v1.0
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-057d6a72-b7e1-415f-9db1-71e6a83e29f5" = Bejeweled 3
"WTA-091a783a-5159-446d-934e-b9f672c7443e" = Penguins!
"WTA-0c1fa763-77e6-44cd-b404-ce6a6e633d68" = Luxor Evolved
"WTA-0c5b3f60-1faf-46ce-a3e7-1d4108b6686d" = Polar Golfer
"WTA-132a3cad-e4c2-4486-89c4-1cf0b219d473" = Tales of Lagoona
"WTA-1a04f438-53c4-48ee-9a33-1d8c4380eb51" = Chuzzle Deluxe
"WTA-1addad0a-abf4-4def-8c9f-81e55f8f65f0" = John Deere Drive Green
"WTA-314b84d8-f288-4c11-92d5-7a997cae46ea" = Final Drive Fury
"WTA-4a14ef9b-51bf-4613-8d86-e118f006130e" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-4d0aa498-5529-40b3-8792-263b84fd14e9" = FlatOut 2
"WTA-588927c0-797c-4848-97ce-0ac53b588e86" = Hoyle Card Games
"WTA-59c7b1b0-4198-4ecf-a8b1-ea98cf2bbfd7" = Governor of Poker 2 Premium Edition
"WTA-5d4b93c3-8250-440e-a95b-07d17aa802d4" = Jewel Match 3
"WTA-617603f6-9833-4db3-873a-55bbee92c814" = Peggle Nights
"WTA-682320c0-e89f-4873-86e4-2b560303b8d4" = Build-a-lot 4 - Power Source
"WTA-742705b3-1f08-4501-a6c1-66664a0aaaa0" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-7687659f-af32-4d94-b992-685302f59a31" = 4 Elements II
"WTA-7f3180fb-394a-434b-974e-6c0e710b6da8" = Roads of Rome 3
"WTA-811f7893-7131-4281-b130-f848d1bdf1e4" = Farm Frenzy
"WTA-81799265-3f8b-4022-822e-83742c37fd27" = Polar Bowler
"WTA-9dc5d37d-eb0e-4f78-b3c1-eeb228ce1879" = Cradle Of Egypt Collector's Edition
"WTA-b28f2b65-ae87-4a02-a9be-2b45716fc3d6" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-b8ba47ee-2a35-4c89-b6f8-34baeca75aab" = FATE: The Cursed King
"WTA-bf0d4a4f-c231-4607-84f1-06d38b1c9bb0" = Vacation Quest™ - Australia
"WTA-d5e0f69e-8178-402d-8914-f41f029dfae3" = Cradle of Rome 2
"WTA-eeb3cfb2-237b-4282-9880-470303e16118" = Zuma's Revenge
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1886273126-1053659535-1430386885-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
"Pokki" = Pokki
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/17/2013 12:27:08 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 1:05:33 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16384,
 time stamp: 0x50107ee0  Faulting module name: IEFRAME.dll, version: 10.0.9200.16390,
 time stamp: 0x501b41b4  Exception code: 0xc0000005  Fault offset: 0x001f8831  Faulting
 process id: 0x78c  Faulting application start time: 0x01ce830b7221352a  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\SYSTEM32\IEFRAME.dll  Report Id: 170d2083-ef03-11e2-be7b-78e3b579eef5  Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 1:14:49 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 2:00:35 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/17/2013 4:11:32 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp:
 0x50079e34  Faulting module name: d2d1.dll, version: 6.2.9200.16384, time stamp:
0x50108825  Exception code: 0xc0000005  Fault offset: 0x0012f269  Faulting process id:
 0x500  Faulting application start time: 0x01ce8329d03b649d  Faulting application path:
 C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe  Faulting module
 path: C:\Windows\SYSTEM32\d2d1.dll  Report Id: 1209bcc2-ef1d-11e2-be7b-78e3b579eef5
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 4:12:34 PM | Computer Name = Skaia | Source = Application Error | ID = 1000
Description = Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp:
 0x50079e34  Faulting module name: d2d1.dll, version: 6.2.9200.16384, time stamp:
0x50108825  Exception code: 0xc0000005  Fault offset: 0x0012f269  Faulting process id:
 0x115c  Faulting application start time: 0x01ce8329f60b7243  Faulting application path:
 C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe  Faulting module
 path: C:\Windows\SYSTEM32\d2d1.dll  Report Id: 371f2d99-ef1d-11e2-be7b-78e3b579eef5
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 7/17/2013 7:39:26 PM | Computer Name = Skaia | Source = MsiInstaller | ID = 11721
Description =
 
Error - 7/18/2013 11:30:11 AM | Computer Name = Skaia | Source = Application Hang | ID = 1002
Description = The program lSing.exe version 1.122.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: b0c    Start Time:
 01ce83cb741a5cb8    Termination Time: 0    Application Path: C:\Program Files (x86)\LyricSing\lSing.exe

Report
 Id: e28986d0-efbe-11e2-be7d-78e3b579eef5    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 7/18/2013 3:46:13 PM | Computer Name = Skaia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 7/19/2013 1:28:55 PM | Computer Name = Skaia | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 7/18/2013 11:24:25 AM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 11:31:40 AM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 7:45:48 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 7:57:23 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
 error:   %%2
 
Error - 7/18/2013 8:05:37 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/18/2013 8:07:31 PM | Computer Name = Skaia | Source = Application Popup | ID = 1060
Description =
 
Error - 7/18/2013 8:07:31 PM | Computer Name = Skaia | Source = Application Popup | ID = 1060
Description =
 
Error - 7/18/2013 8:08:09 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/19/2013 1:39:43 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 7/19/2013 1:41:33 PM | Computer Name = Skaia | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 20, 2013, 06:43:27 AM
I apologize, Corrine. I was so tired from staying up late after working graveyard that I forgot to preview and make sure it was all there. I know better than that, as I have read many posts with the OTL logs and they always seem to need multiple posts.

I think I got it all this time.

Sorry for taking so long to get this completed. My wife woke me up after only a couple of hours sleep to get me to head out of town for a bit. We just got back.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: winchester73 on July 20, 2013, 12:47:31 PM
Corrine messaged me that a big storm knocked out both her cable and internet last night. It may be a bit before she can return to help you ...
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 20, 2013, 02:18:54 PM
Thank you Winchester.
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 21, 2013, 04:16:48 PM
Hi, 4on4off.

That was some storm that went through here.  Whatever happened, all Time Warner services were down (cable, internet and phone).  I'm glad we have our phone service through a different carrier and that we didn't lose power. 

Back to your niece's computer.  Please follow these instructions in the order provided.

1.  Conduit is still showing as the default search engine in Google Chrome.  To reset the Google Chrome search, please see Set your default search engine - Chrome Help (https://support.google.com/chrome/answer/95426?hl=en).

2.  I missed something when I was having you remove questionable programs.   Your niece has RegCure Pro installed.  You need to impress on her that registry cleaner programs do more harm than good.  I would strongly encourage you to uninstall RegCure Pro.

3.  Next, let's see if OTL can remove the remnants that keep showing up.
Code:
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (GetSavin 5.0) - {B3522C04-B9DB-4C57-AA22-929092423BDD} - C:\Users\Ashley\AppData\Local\getsavin\ie\getsavin_1373612341.dll File not found
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Ashley\AppData\Local\DefineExt\temp.dat File not found
O2 - BHO: (SmileysWeLoveToolbar) - {e4ef8a64-0a30-48f5-b3fe-5fda978da775} - C:\Program Files (x86)\SqueekyChocolate, LLC\Smileys We Love Toolbar for IE\adxloader.dll File not found
[2013/07/14 11:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE
[2013/07/13 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar
[2013/07/13 12:13:51 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/07/13 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/07/13 12:13:11 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[EMPTYTEMP]
4.  After posting the resulting log, please Rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
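The three "O2 - BHO" lines in the fix above are Internet Explorer Browser Helper Objects. Each {CLSID} registered under ...\Explorer\Browser Helper Objects is resolved through Classes\CLSID\{CLSID}\InprocServer32 to the DLL that IE loads at startup, which is why the OTL fix deletes both keys for each one, and "File not found" means the DLL is already gone while the registration is not. The PowerShell below is an added example, not OTL's code or anything posted in this thread; the function names Get-BhoInventory and Resolve-BhoClsid are my own, and it assumes a 64-bit Windows machine with IE installed. It only reads the registry and reports; it removes nothing.

```powershell
# Added example (not from the thread, OTL or any vendor): inventory Internet Explorer
# Browser Helper Objects the way OTL's "O2 - BHO" lines do, and flag registrations
# whose DLL no longer exists on disk (shown as "File not found" by OTL). Read-only.

# Where IE looks for BHO registrations (64-bit IE, 32-bit IE, per-user).
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Where a CLSID is resolved to its COM server DLL (InprocServer32 default value).
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID'
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
    'HKCU:\SOFTWARE\Classes\CLSID'
)

# Map one {CLSID} to its friendly name and DLL path; $null fields mean "not registered".
function Resolve-BhoClsid {
    param([string]$Clsid)
    foreach ($root in $ClsidRoots) {
        $clsidKey = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $clsidKey)) { continue }
        $name = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = $null
        $serverKey = Join-Path $clsidKey 'InprocServer32'
        if (Test-Path -LiteralPath $serverKey) {
            $raw = (Get-ItemProperty -LiteralPath $serverKey -ErrorAction SilentlyContinue).'(default)'
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
        return [pscustomobject]@{ Name = $name; Dll = $dll; ClsidKey = $clsidKey }
    }
    # CLSID registered nowhere: the BHO entry is a pure orphan.
    return [pscustomobject]@{ Name = $null; Dll = $null; ClsidKey = $null }
}

# One record per registered BHO, with the on-disk and signature state of its DLL.
function Get-BhoInventory {
    foreach ($root in $BhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $com    = Resolve-BhoClsid -Clsid $clsid
            $exists = ($null -ne $com.Dll) -and (Test-Path -LiteralPath $com.Dll)
            $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $com.Dll).Status } else { 'n/a' }
            [pscustomobject]@{
                Clsid      = $clsid
                Name       = $com.Name
                Dll        = $com.Dll
                FileExists = $exists
                Signature  = $sig
                BhoKey     = Join-Path $root $clsid
                ClsidKey   = $com.ClsidKey
            }
        }
    }
}

$inventory = Get-BhoInventory
$inventory | Format-Table Clsid, Name, FileExists, Signature, Dll -AutoSize

# Orphaned registrations (DLL gone) are the "File not found" remnants an OTL fix deletes:
# both the Browser Helper Objects\{CLSID} key and the matching Classes\CLSID\{CLSID} key.
$inventory | Where-Object { -not $_.FileExists } | ForEach-Object {
    "Orphaned BHO $($_.Clsid) ($($_.Name)): registration $($_.BhoKey), class key $($_.ClsidKey)"
}
```

Entries reported with FileExists False are the same kind of leftover the OTL script above removes. Entries whose DLL still exists but lives under a user's AppData folder, or whose Signature is NotSigned or HashMismatch, are worth checking against the installed-programs list before treating them as legitimate, since toolbars and coupon add-ons such as the ones in this thread register themselves exactly this way.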
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 21, 2013, 06:35:13 PM
 Hi Corrine,

Glad to hear you are back up and running.  I am at work on an extra shift for another 7 hours.

I will get this done as soon as I get home tonight.

Thank you.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 21, 2013, 06:54:49 PM
Considering the time you get off work, I'll be offline by then, so if you need to catch up on your sleep, that is definitely a priority.  What I'm addressing here are remnants, so not a great concern.
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 22, 2013, 01:51:22 AM
I changed the default search in Google Chrome to Google and removed the Conduit search engine.

I uninstalled RegCure as well.

Here is the OTL fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3522C04-B9DB-4C57-AA22-929092423BDD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4ef8a64-0a30-48f5-b3fe-5fda978da775}\ deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE folder moved successfully.
C:\Users\Ashley\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\Windows\SysNative\Drivers\avgtpx64.sys moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
File PTYTEMP] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 07212013_194321

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I will rerun OTL and post the log shortly.

4
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 22, 2013, 01:58:19 AM
Here is the new OTL quick scan log:

OTL logfile created on: 7/21/2013 7:52:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ashley\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 78.71% Memory free
4.57 Gb Paging File | 3.74 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.47 Gb Total Space | 397.60 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 22.52 Gb Total Space | 2.74 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
 
Computer Name: SKAIA | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 02:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/12 12:56:52 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 19:18:24 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 09:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 09:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 09:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/01 04:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 04:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/16 19:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/04 00:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 00:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/08 13:17:56 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 19:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ashley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 23:58:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - Extension: RealDownloader = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
 
O1 HOSTS File: ([2013/07/18 17:08:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7796B-5749-4307-8762-6E63F23AFC94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/21 19:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/19 12:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2013/07/19 10:45:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/19 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\temp
[2013/07/18 16:49:25 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ashley\Desktop\JRT.exe
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/17 16:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 10:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/17 10:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/17 10:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/07/17 10:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/17 10:39:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/17 10:38:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/17 10:38:20 | 005,091,168 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2013/07/17 09:37:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\dds.scr
[2013/07/17 01:07:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/16 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/16 22:21:51 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\mbar-1.06.0.1004
[2013/07/16 21:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/16 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/16 21:40:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/16 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/16 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Programs
[2013/07/16 21:38:29 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\tdsskiller.exe
[2013/07/16 21:37:49 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ashley\Desktop\mbam-setup.exe
[2013/07/16 21:34:45 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Ashley\Desktop\revosetup.exe
[2013/07/16 21:33:21 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\TFC.exe
[2013/07/16 20:39:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Youcam
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\CyberLink
[2013/07/14 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CyberLink
[2013/07/14 11:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\Add-in Express
[2013/07/14 11:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny Media Player
[2013/07/14 11:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiny Media Player
[2013/07/14 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Pokki
[2013/07/14 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CRE
[2013/07/13 18:44:37 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Mozilla
[2013/07/13 12:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/07/13 12:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/07/13 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Paint.NET
[2013/07/13 12:12:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/12 21:12:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/07/12 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Adobe
[2013/07/12 12:47:04 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\hpqlog
[2013/07/12 00:03:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Skype
[2013/07/12 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/12 00:02:49 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/07/12 00:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/12 00:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/07/12 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/07/12 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\DefineExt
[2013/07/11 23:58:54 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Real
[2013/07/11 23:58:47 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\RealNetworks
[2013/07/11 23:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/07/11 23:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/11 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/07/11 23:58:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/07/11 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/11 23:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/07/11 23:57:39 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Real
[2013/07/11 23:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/11 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Google
[2013/07/11 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/11 23:55:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Macromedia
[2013/07/11 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/07/11 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
[2013/07/11 21:02:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Hewlett-Packard
[2013/07/11 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Hewlett-Packard
[2013/07/11 19:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\CrashDumps
[2013/07/11 19:54:21 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Diagnostics
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Searches
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Contacts
[2013/07/11 19:45:04 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/11 19:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/11 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Adobe
[2013/07/11 19:44:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/07/11 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Synaptics
[2013/07/11 19:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Power2Go8
[2013/07/11 19:42:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/07/11 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\VirtualStore
[2013/07/11 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Packages
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Temporary Internet Files
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Templates
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Start Menu
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\SendTo
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Recent
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\PrintHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\NetHood
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Videos
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Pictures
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Documents\My Music
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\My Documents
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Local Settings
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\History
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Cookies
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\Application Data
[2013/07/11 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\Ashley\AppData\Local\Application Data
[2013/07/11 19:41:01 | 000,000,000 | --SD | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Desktop
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/11 19:41:01 | 000,000,000 | R--D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/11 19:41:01 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\AppData
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Microsoft
[2013/07/11 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Videos
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Saved Games
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Pictures
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Music
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Links
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Favorites
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Downloads
[2013/07/11 19:40:54 | 000,000,000 | R--D | C] -- C:\Users\Ashley\Documents
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.system.package.metadata
[2013/07/11 19:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Ashley\Documents\hp.applications.package.appdata
[2013/07/11 19:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/21 19:49:33 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/21 19:49:33 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/21 19:49:33 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/21 19:46:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/21 19:45:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/21 19:44:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/21 19:44:18 | 3333,857,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 12:18:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 12:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 12:16:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
 
========== ZeroAccess Check ==========
 
[2012/08/17 10:48:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/11 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >


Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 22, 2013, 02:11:37 PM
Finally!  That was what I wanted to see. 

Let's clean up.  Please pay close attention to the following instructions.  It is important to remove the programs used because having older versions is useless without the updates and can result in serious problems.

1.  Please remove the programs you used before seeking help.  This includes TDSSKiller.  Note also that there is no official "portable" version of Malwarebytes.   It is against the EULA to "create derivative works of the Software".   

2.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).


3.  Please do the following to uninstall AdwCleaner.
4.  Finally, OTL CleanUp will handle the remaining programs.
If you did not reboot your computer normally, please do so now, before continuing.

I know you have "lectured" your family members about the importance of paying attention when installing programs for those hidden extras.  Please also explain that there are no magic fixes, including registry cleaners and optimizers.  In addition, please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" (http://securitygarden.blogspot.com/p/blog-page.html).
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 25, 2013, 02:41:05 AM
Hi Corrine,

I removed all the programs as you instructed and created a new restore point.

Since I removed the free trial Norton that came with the laptop I am trying to start Windows Defender but I am having issues. I find it in Services but I cannot set it to Automatic and I cannot start the service.

Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 25, 2013, 02:51:08 AM
Scratch that, I got it to work.

Not familiar with windows 8 too much and the navigation is a bit different but it is on now.

Thank you so much for your assistance Corrine.

Well off to my next project.

Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 25, 2013, 12:53:35 PM
You're welcome.  I am happy I was able to help. 
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 25, 2013, 04:28:40 PM
Never a doubt.

Thanks again.  :goodie:

From this experience and reading many other threads I take it that even after someone removes a program and whatnot, there tend to be some remnants that require more intricate tools such as ComboFix or OTL to completely remove them.

Is this because those remnants could rise again and/or still cause issues?

Title: Re: Pop ups after possible fake adobe update alert
Post by: Corrine on July 25, 2013, 06:14:51 PM
It depends on what remnants are left behind.  Although I preach against Registry Cleaners, when adware/malware leaves a remnant behind in the registry, I prefer to see it safely removed.  In addition, the AppData folder replaces Documents and Settings seen in Windows XP.  It contains data such as program settings, toolbar settings, temporary files created by applications, etc.  For that reason, I prefer to remove those remnants as well.  Without examining them closer, it appeared on your niece's computer that those folders were empty; however, I stubbornly wanted them gone.
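An added example, not part of Corrine's post or of any tool named in this thread: a read-only PowerShell audit that lists the two kinds of remnant she describes, Run entries whose target file no longer exists (the sort of HKCU\..\Run finding JRT reported earlier) and empty folders under AppData\Roaming (what the OTL "LOP Check" above surfaces). The Run key paths are the standard Windows ones; the helper function is the example's own.

```powershell
# Added example (not from the thread): read-only audit of autorun and AppData
# leftovers. It reports only; it deletes nothing.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExecutableFromCommand {
    # Helper written for this example: return the executable part of a Run value,
    # i.e. the quoted path if present, otherwise the first whitespace-separated token.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    return ($cmd -split '\s+')[0]
}

# 1. Run entries pointing at files that no longer exist are typical remnants left
#    after an adware package has been uninstalled (they also cause error pop-ups at logon).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        $value = [string]$props.$name
        $exe = Get-ExecutableFromCommand $value
        $status = if (Test-Path -LiteralPath $exe) { 'ok' } else { 'MISSING TARGET' }
        '{0,-15} {1,-25} {2}' -f $status, $name, $value
    }
}

# 2. Empty folders directly under AppData\Roaming (like the Synaptics folder in the
#    LOP Check above) are settings directories a removed program left behind.
Get-ChildItem -Path $env:APPDATA -Directory | Where-Object {
    (Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue |
        Measure-Object).Count -eq 0
} | ForEach-Object { 'EMPTY APPDATA FOLDER  {0}' -f $_.FullName }
```

Review the output by hand before removing anything; an entry flagged MISSING TARGET can also be a legitimate program whose files live on a drive that is not currently mounted.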
Title: Re: Pop ups after possible fake adobe update alert
Post by: 4on4off on July 25, 2013, 07:20:17 PM
That makes sense and I know what you mean.

Sometimes I will help someone out and run it through the gauntlet and think it is all good, but still have something like the MyWebSearch application or Conduit Search Protect show up on a final comb-over with ESET, for example.
