• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

trippy_ninja77

Full Member
  • Content count

    54
  • Joined

  • Last visited

About trippy_ninja77

  • Rank
    Member
  • Birthday

Profile Information

  • Gender
    Male
  1. The browser hijacker is now gone, however I still get the black screen followed by blue screen when trying to load windows normally. So i still have to enter through Safe Mode.
  2. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014 Ran by Dimbo at 2014-06-27 14:06:05 Running from C:\Users\Dimbo\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{F856881A-D370-B1A7-2AFF-128F4AA93558}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Intel PROSet Wireless (Version: - ) Hidden Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.) RtkClassFilter (HKLM-x32\...\InstallShield_{8220FCF2-A57F-4236-BFCC-C6C2268E851E}) (Version: 1.2.1.4 - REALTEK Semiconductor Corp) RtkClassFilter (x32 Version: 1.2.1.4 - REALTEK Semiconductor Corp) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer) TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA) TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.9.2 - Shark007) Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) (HKLM\...\EA90D42054890B3938D0BEF1E8A316D20C6D6003) (Version: 12/02/2011 2.3.8.1 - Realtek Semiconductor Corp.) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 10-06-2014 21:45:55 Windows Update 11-06-2014 23:40:35 Windows Update 12-06-2014 15:14:06 Windows Update 19-06-2014 04:39:23 Windows Update 25-06-2014 00:53:48 Windows Update ==================== Hosts content: ========================== 2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {332AD646-22CA-406E-9AED-57C9F9C6CB22} - \BackgroundContainer Startup Task No Task File <==== ATTENTION Task: {4C9377BD-8BDB-4D40-92D8-825A711B48AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.) Task: {6643201F-9554-4E0F-A8F2-0C1BC6E17DF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {76434805-E668-4AD1-AD31-88891EC4D364} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {974DF8B0-9197-4A54-8B32-5440370D75C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.) Task: {A4C8B606-94E8-4D2E-A3AF-50ED8512E007} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-26 22:26 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-06-26 22:26 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-05-24 10:03 - 2014-05-13 20:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-24 10:03 - 2014-05-13 20:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-24 10:03 - 2014-05-13 20:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2014 05:29:56 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10b0 Start Time: 01cf8df3e3594a24 Termination Time: 29 Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Report Id: 611ae6f6-f9e7-11e3-b28a-4c72b9598941 Error: (06/15/2014 01:58:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24 Exception code: 0xc0000005 Fault offset: 0x0000000000053d0e Faulting process id: 0x72c Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (06/09/2014 03:15:16 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929} Error: (06/09/2014 03:12:34 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" Error: (06/09/2014 03:08:55 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" Error: (06/06/2014 03:45:32 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (2792) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (06/06/2014 03:45:06 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (3340) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (06/06/2014 03:13:00 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {03329364-ED3E-3EF1-ACB0-C1E9F5282929} Error: (06/06/2014 03:12:30 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" Error: (06/06/2014 03:12:06 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY) Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86" System errors: ============= Error: (06/27/2014 01:52:14 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (06/27/2014 01:52:14 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/27/2014 01:52:02 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/27/2014 01:51:55 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (06/27/2014 01:51:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 Error: (06/27/2014 01:51:03 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000116 (0xfffffa8006ea5010, 0xfffff88003a07910, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP062714-22932-01 Error: (06/27/2014 01:51:00 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:49:53 PM on ‎6/‎27/‎2014 was unexpected. Error: (06/27/2014 01:26:35 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (06/27/2014 01:26:35 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/27/2014 01:26:20 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 4055.8 MB Available physical RAM: 3181.92 MB Total Pagefile: 8109.79 MB Available Pagefile: 7275.89 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:553.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 58943F2B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014 Ran by Dimbo (administrator) on DIMBO-PC on 27-06-2014 14:04:27 Running from C:\Users\Dimbo\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation) HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-06] (Microsoft Corporation) HKU\S-1-5-21-4290838869-1402470342-320466233-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-4290838869-1402470342-320466233-1000\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[s0].txt [6078 2014-06-27] () HKU\S-1-5-21-4290838869-1402470342-320466233-1000\...\MountPoints2: {44bb12c1-ce61-11e2-81fe-74e543b78395} - E:\win\setup.exe -phs Startup: C:\Users\Dimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x46177EFCD86CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {571C53C5-8C20-419D-99B1-4891B7B51185} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3283135&CUI=UN31354675782106119&UM=4 BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 201.17.1.114 201.17.1.92 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: google.com.au CHR Extension: (Google Docs) - C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01] CHR Extension: (Google Wallet) - C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-27] ==================== Services (Whitelisted) ================= S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] () S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-06-26] (Malwarebytes Corporation) S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [21096 2012-01-05] (Realtek Microelectronics) R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1147536 2012-07-25] (Realtek Semiconductor Corporation ) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-27 14:04 - 2014-06-27 14:04 - 00008440 _____ () C:\Users\Dimbo\Downloads\FRST.txt 2014-06-27 14:04 - 2014-06-27 14:04 - 00000000 ____D () C:\FRST 2014-06-27 14:02 - 2014-06-27 14:02 - 02082816 _____ (Farbar) C:\Users\Dimbo\Downloads\FRST64.exe 2014-06-27 13:51 - 2014-06-27 13:51 - 00822816 _____ () C:\Windows\Minidump\062714-22932-01.dmp 2014-06-27 13:29 - 2014-06-27 13:44 - 00000000 ____D () C:\AdwCleaner 2014-06-27 13:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-27 13:28 - 2014-06-27 13:29 - 01342659 _____ () C:\Users\Dimbo\Downloads\adwcleaner_3.213.exe 2014-06-27 13:25 - 2014-06-27 13:25 - 00822824 _____ () C:\Windows\Minidump\062714-22713-01.dmp 2014-06-26 22:26 - 2014-06-26 22:26 - 00180000 _____ (Kaspersky Lab) C:\Users\Dimbo\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe 2014-06-26 22:26 - 2014-06-26 22:26 - 00000917 _____ () C:\Users\Dimbo\Desktop\checkup.txt 2014-06-26 22:22 - 2014-06-26 22:22 - 00854390 _____ () C:\Users\Dimbo\Downloads\SecurityCheck.exe 2014-06-26 22:22 - 2014-06-26 22:22 - 00020781 _____ () C:\Users\Dimbo\Desktop\dds.txt 2014-06-26 22:22 - 2014-06-26 22:22 - 00013541 _____ () C:\Users\Dimbo\Desktop\attach.txt 2014-06-26 22:21 - 2014-06-26 22:21 - 00688992 ____R (Swearware) C:\Users\Dimbo\Downloads\dds (1).scr 2014-06-26 22:16 - 2014-06-26 22:16 - 00822816 _____ () C:\Windows\Minidump\062614-24148-01.dmp 2014-06-26 22:04 - 2014-06-26 22:04 - 00688992 ____R (Swearware) C:\Users\Dimbo\Downloads\dds.scr 2014-06-26 22:02 - 2014-06-26 22:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-26 22:02 - 2014-06-26 22:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-26 22:02 - 2014-06-26 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-26 22:02 - 2014-06-26 22:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-26 22:02 - 2014-06-26 22:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-26 22:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-26 22:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-26 22:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-26 22:00 - 2014-06-26 22:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dimbo\Downloads\mbam-setup-2.0.2.1012.exe 2014-06-26 21:54 - 2014-06-26 21:54 - 00822824 _____ () C:\Windows\Minidump\062614-23025-01.dmp 2014-06-26 21:52 - 2014-06-26 21:52 - 00000000 _____ () C:\Windows\Minidump\062614-24772-01.dmp 2014-06-13 23:28 - 2014-06-13 23:28 - 00000000 __SHD () C:\Users\Dimbo\AppData\Local\EmieUserList 2014-06-13 23:28 - 2014-06-13 23:28 - 00000000 __SHD () C:\Users\Dimbo\AppData\Local\EmieSiteList 2014-06-10 18:51 - 2014-05-08 04:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-10 18:51 - 2014-05-08 03:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-10 18:51 - 2014-05-08 02:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-10 18:51 - 2014-05-08 02:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-10 18:51 - 2014-05-08 01:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-10 18:51 - 2014-05-08 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-10 18:48 - 2014-06-10 18:48 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-06-10 18:46 - 2013-12-21 06:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-10 18:46 - 2013-12-21 05:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-09 17:17 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-09 17:17 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-09 17:17 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-09 17:17 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-09 17:17 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-09 17:17 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-09 17:17 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-09 17:17 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-09 17:17 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-09 17:17 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-09 17:17 - 2014-03-01 01:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-09 17:17 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-09 17:17 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-09 17:17 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-09 17:17 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-09 17:17 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-09 17:17 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-09 17:17 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-09 17:17 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-09 17:17 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-09 17:17 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-09 17:17 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-09 17:17 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-09 17:17 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-09 17:17 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-09 17:17 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-09 17:17 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-09 17:17 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-09 17:17 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-09 17:17 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-09 17:17 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-09 17:17 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-09 17:17 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-09 17:17 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-09 17:17 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-09 17:17 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-09 03:26 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-06-09 03:23 - 2014-06-09 03:23 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-06-09 03:23 - 2014-06-09 03:23 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-06-09 03:23 - 2014-06-09 03:23 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-06-09 03:23 - 2014-06-09 03:23 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-06-09 03:23 - 2014-06-09 03:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-06-09 03:23 - 2014-06-09 03:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-06-09 03:23 - 2014-06-09 03:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-06-09 03:23 - 2014-06-09 03:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-06-09 03:23 - 2014-06-09 03:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-06-09 03:22 - 2014-06-09 03:22 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-06-09 03:22 - 2014-06-09 03:22 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-06-09 03:22 - 2014-06-09 03:22 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-06-09 03:22 - 2014-06-09 03:22 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-06-09 03:22 - 2014-06-09 03:22 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-06-09 03:22 - 2014-06-09 03:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-06-09 03:21 - 2014-06-09 03:21 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-09 03:21 - 2014-06-09 03:21 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-06-09 03:21 - 2014-06-09 03:21 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-06-09 03:20 - 2014-06-09 03:20 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-06-09 03:17 - 2014-06-09 03:17 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-06-09 03:17 - 2014-06-09 03:17 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-06-09 03:16 - 2014-06-09 03:26 - 00011621 _____ () C:\Windows\IE11_main.log 2014-06-06 16:06 - 2013-07-04 09:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-06-06 16:06 - 2013-07-04 08:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-06-06 16:05 - 2014-03-24 23:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-06-06 16:05 - 2014-03-24 23:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-06-06 16:05 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-06-06 16:05 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-06-06 16:05 - 2013-11-11 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-06-06 16:05 - 2013-11-11 23:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-06-06 16:05 - 2013-10-18 23:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-06-06 16:05 - 2013-10-18 22:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-06-06 16:05 - 2013-10-05 17:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-06-06 16:05 - 2013-10-05 16:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-06-06 16:05 - 2013-07-09 02:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-06-06 16:05 - 2013-07-09 02:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-06-06 16:05 - 2013-07-09 02:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-06-06 16:05 - 2013-07-09 01:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-06-06 16:05 - 2013-07-09 01:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-06-06 16:05 - 2013-07-09 01:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-06-06 16:05 - 2013-02-27 03:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-06-06 16:05 - 2013-02-27 02:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-06-06 16:05 - 2013-02-27 02:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-06-06 16:05 - 2013-02-27 01:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-06-06 16:04 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-06 16:04 - 2013-12-05 23:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-06 16:04 - 2013-12-05 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-06 16:04 - 2013-12-05 23:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-06 16:04 - 2013-12-05 23:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-06 16:04 - 2013-11-26 22:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-06-06 16:04 - 2013-11-26 22:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-06-06 16:04 - 2013-10-03 23:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-06-06 16:04 - 2013-10-03 22:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-06-06 16:04 - 2013-09-27 22:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-06-06 16:04 - 2013-07-25 06:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-06-06 16:04 - 2013-07-25 05:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2014-06-06 16:04 - 2013-07-12 07:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-06-06 16:04 - 2013-07-12 07:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-06-06 16:04 - 2013-07-09 02:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-06-06 16:04 - 2013-07-09 01:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-06-06 16:04 - 2013-06-25 19:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-06-06 16:04 - 2013-06-06 02:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-06-06 16:04 - 2013-06-06 02:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-06-06 16:04 - 2013-06-06 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-06-06 16:04 - 2013-06-06 02:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-06-06 16:04 - 2013-06-06 01:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2014-06-06 16:04 - 2013-06-06 01:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2014-06-06 16:04 - 2013-06-06 01:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2014-06-06 16:04 - 2013-06-06 00:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-06-06 16:04 - 2013-06-06 00:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-06-06 16:04 - 2013-06-06 00:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-06-06 16:04 - 2012-11-28 19:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-06-06 16:04 - 2012-11-28 19:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-06-06 16:04 - 2012-11-28 19:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-06-06 16:03 - 2014-04-11 23:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-06-06 16:03 - 2014-04-11 23:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-06-06 16:03 - 2014-04-11 23:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-06-06 16:03 - 2014-04-11 23:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-06-06 16:03 - 2014-04-11 23:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-06-06 16:03 - 2014-04-11 23:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-06-06 16:03 - 2014-04-11 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-06-06 16:03 - 2014-04-11 23:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-06-06 16:03 - 2014-04-11 23:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-06-06 16:03 - 2014-03-04 06:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-06 16:03 - 2014-03-04 06:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-06-06 16:03 - 2014-03-04 06:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-06-06 16:03 - 2014-03-04 06:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-06-06 16:03 - 2014-03-04 06:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-06-06 16:03 - 2014-03-04 06:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-06-06 16:03 - 2014-03-04 06:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-06-06 16:03 - 2014-03-04 06:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-06-06 16:03 - 2014-03-04 06:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-06-06 16:03 - 2014-03-04 06:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-06-06 16:03 - 2013-09-24 23:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-06-06 16:03 - 2013-09-24 22:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-06-06 16:03 - 2013-08-01 23:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-06-06 16:03 - 2013-08-01 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2014-06-06 16:03 - 2013-08-01 22:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-06-06 16:03 - 2013-08-01 21:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-06-06 16:03 - 2013-07-04 09:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-06-06 16:03 - 2013-07-03 01:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-06-06 16:03 - 2013-07-03 01:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-06-06 16:03 - 2013-06-15 01:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-06 16:03 - 2013-06-15 01:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-06-06 16:02 - 2014-03-04 06:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-06-06 16:02 - 2014-03-04 06:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-06-06 16:02 - 2014-03-04 06:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-06-06 16:02 - 2014-03-04 06:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-06-06 16:02 - 2014-03-04 06:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-06-06 16:02 - 2014-03-04 06:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-06-06 16:02 - 2014-03-04 06:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-06-06 16:02 - 2014-03-04 06:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-06-06 16:02 - 2014-03-04 06:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-06-06 16:02 - 2014-03-04 05:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-06-06 16:02 - 2014-03-04 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-06-06 16:02 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-06-06 16:02 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-06-06 16:02 - 2013-10-02 23:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-06-06 16:02 - 2013-10-02 23:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-06-06 16:02 - 2013-08-01 23:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-06-06 16:02 - 2013-08-01 21:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 21:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 21:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2014-06-06 16:02 - 2013-08-01 21:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2014-06-06 16:02 - 2013-07-25 23:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-06-06 16:02 - 2013-07-25 22:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-06-06 16:02 - 2013-07-20 07:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-06-06 16:02 - 2013-07-20 07:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-06-06 16:02 - 2013-05-13 02:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-06-06 16:02 - 2013-05-13 00:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-06-06 16:02 - 2013-05-13 00:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2014-06-06 16:02 - 2013-05-13 00:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2014-06-06 16:02 - 2013-04-26 02:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-06-06 16:02 - 2013-04-26 01:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2014-06-06 16:02 - 2012-11-23 00:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2014-06-06 16:01 - 2013-10-11 23:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-06-06 16:01 - 2013-10-11 23:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-06-06 16:01 - 2013-10-11 23:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-06-06 16:01 - 2013-10-11 23:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-06-06 16:01 - 2013-10-11 22:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-06-06 16:01 - 2013-10-11 22:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-06-06 16:01 - 2013-10-11 22:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-06-06 16:01 - 2013-10-11 22:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-06-06 16:01 - 2013-08-01 09:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-06-06 16:01 - 2013-04-10 03:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-06-06 16:01 - 2011-02-03 08:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-06-06 15:56 - 2013-10-11 23:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-06-06 15:56 - 2013-10-11 23:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-06-06 15:56 - 2013-10-11 23:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-06-06 15:56 - 2013-10-11 23:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-06-06 15:56 - 2013-10-11 23:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-06-06 03:05 - 2014-06-06 03:05 - 00000000 ____D () C:\Windows\system32\SPReview 2014-06-06 03:05 - 2014-06-06 03:05 - 00000000 ____D () C:\Windows\system32\EventProviders 2014-06-05 18:25 - 2010-11-04 22:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-06-05 18:25 - 2010-11-04 22:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-06-05 18:25 - 2010-11-04 22:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2014-06-05 18:24 - 2010-11-20 10:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll 2014-06-05 18:24 - 2010-11-20 10:33 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2014-06-05 18:24 - 2010-11-20 10:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2014-06-05 18:24 - 2010-11-20 10:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-06-05 18:24 - 2010-11-20 10:33 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys 2014-06-05 18:24 - 2010-11-20 10:33 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys 2014-06-05 18:24 - 2010-11-20 10:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL 2014-06-05 18:24 - 2010-11-20 10:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 02314752 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll 2014-06-05 18:24 - 2010-11-20 10:27 - 01197056 _____ (Microsoft Corpo
  4. Adwarecleaner(RO): # AdwCleaner v3.213 - Report created 27/06/2014 at 13:29:30 # Updated 23/06/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Dimbo - DIMBO-PC # Running from : C:\Users\Dimbo\Downloads\adwcleaner_3.213.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END File Found : C:\Users\Dimbo\daemonprocess.txt File Found : C:\Users\Dimbo\Desktop\Continue VuuPC Installation.lnk Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Mobogenie Folder Found : C:\Program Files (x86)\Vuze Folder Found : C:\Program Files (x86)\Vuze_Remote_B Folder Found : C:\ProgramData\Conduit Folder Found : C:\Users\Dimbo\AppData\Local\Conduit Folder Found : C:\Users\Dimbo\AppData\Local\Mobogenie Folder Found : C:\Users\Dimbo\AppData\LocalLow\Conduit Folder Found : C:\Users\Dimbo\AppData\LocalLow\PriceGong Folder Found : C:\Users\Dimbo\AppData\LocalLow\Vuze_Remote_B Folder Found : C:\Users\Dimbo\Documents\Mobogenie Folder Found : C:\Users\Dimbo\Documents\Optimizer Pro Folder Found : C:\Windows\SysWOW64\SearchProtect ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote_B Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : [x64] HKCU\Software\Conduit Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3283135 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03BA3CAB-0263-4BD2-B921-87DF9B72C227} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03BA3CAB-0263-4BD2-B921-87DF9B72C227} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64B6C31-6674-441E-A2F5-66890281D288} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : HKLM\Software\Vuze_Remote_B Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v35.0.1916.114 [ File : C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Found [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&q={searchTerms}&SSPV= Found [startup_urls] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= ************************* AdwCleaner[R0].txt - [5899 octets] - [27/06/2014 13:29:30] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5959 octets] ########## Adwarecleaner (SO): # AdwCleaner v3.213 - Report created 27/06/2014 at 13:44:38 # Updated 23/06/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Dimbo - DIMBO-PC # Running from : C:\Users\Dimbo\Downloads\adwcleaner_3.213.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Conduit Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Mobogenie Folder Deleted : C:\Program Files (x86)\Vuze Folder Deleted : C:\Program Files (x86)\Vuze_Remote_B Folder Deleted : C:\Windows\SysWOW64\SearchProtect Folder Deleted : C:\Users\Dimbo\AppData\Local\Conduit Folder Deleted : C:\Users\Dimbo\AppData\Local\Mobogenie Folder Deleted : C:\Users\Dimbo\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Dimbo\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Dimbo\AppData\LocalLow\Vuze_Remote_B Folder Deleted : C:\Users\Dimbo\Documents\Mobogenie Folder Deleted : C:\Users\Dimbo\Documents\Optimizer Pro File Deleted : C:\END File Deleted : C:\Users\Dimbo\daemonprocess.txt File Deleted : C:\Users\Dimbo\Desktop\Continue VuuPC Installation.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3283135 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03BA3CAB-0263-4BD2-B921-87DF9B72C227} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64B6C31-6674-441E-A2F5-66890281D288} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote_B Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Vuze_Remote_B ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v35.0.1916.114 [ File : C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&q={searchTerms}&SSPV= Deleted [startup_urls] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= ************************* AdwCleaner[R0].txt - [6043 octets] - [27/06/2014 13:29:30] AdwCleaner[s0].txt - [5938 octets] - [27/06/2014 13:44:38] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5998 octets] ##########
  5. # AdwCleaner v3.213 - Report created 27/06/2014 at 13:29:30 # Updated 23/06/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Dimbo - DIMBO-PC # Running from : C:\Users\Dimbo\Downloads\adwcleaner_3.213.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END File Found : C:\Users\Dimbo\daemonprocess.txt File Found : C:\Users\Dimbo\Desktop\Continue VuuPC Installation.lnk Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Mobogenie Folder Found : C:\Program Files (x86)\Vuze Folder Found : C:\Program Files (x86)\Vuze_Remote_B Folder Found : C:\ProgramData\Conduit Folder Found : C:\Users\Dimbo\AppData\Local\Conduit Folder Found : C:\Users\Dimbo\AppData\Local\Mobogenie Folder Found : C:\Users\Dimbo\AppData\LocalLow\Conduit Folder Found : C:\Users\Dimbo\AppData\LocalLow\PriceGong Folder Found : C:\Users\Dimbo\AppData\LocalLow\Vuze_Remote_B Folder Found : C:\Users\Dimbo\Documents\Mobogenie Folder Found : C:\Users\Dimbo\Documents\Optimizer Pro Folder Found : C:\Windows\SysWOW64\SearchProtect ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote_B Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : [x64] HKCU\Software\Conduit Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3283135 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03BA3CAB-0263-4BD2-B921-87DF9B72C227} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03BA3CAB-0263-4BD2-B921-87DF9B72C227} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64B6C31-6674-441E-A2F5-66890281D288} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A2805E7E-EFDB-4CEC-82D1-A5E0ADDD26C6} Key Found : HKLM\Software\Vuze_Remote_B Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v35.0.1916.114 [ File : C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Found [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&q={searchTerms}&SSPV= Found [startup_urls] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV= ************************* AdwCleaner[R0].txt - [5899 octets] - [27/06/2014 13:29:30] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5959 octets] ##########
  6. Hi, my computer can only run in safe mode, otherwise it just keeps trying to load the windows screen then displays the blue screen of death. Please see logs below. Cheers. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/26/2014 Scan Time: 10:04:17 PM Logfile: Malware log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.26.11 Rootkit Database: v2014.06.23.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Dimbo Scan Type: Threat Scan Result: Completed Objects Scanned: 267296 Time Elapsed: 9 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 8 PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [608a097238434beb93c3ed5e659d48b8], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [608a097238434beb93c3ed5e659d48b8], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [608a097238434beb93c3ed5e659d48b8], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [608a097238434beb93c3ed5e659d48b8], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4290838869-1402470342-320466233-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [a64497e44d2e1125236e76d0e9194fb1], PUP.Optional.PriceGong.A, HKU\S-1-5-21-4290838869-1402470342-320466233-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [22c81e5dcdae270f756897337f838e72], PUP.Optional.SuperFish.A, HKU\S-1-5-21-4290838869-1402470342-320466233-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [4f9b017a7efdf93d29e48a21bc46f30d], PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IECT3283135, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], Registry Values: 1 PUP.Optional.Conduit, HKU\S-1-5-21-4290838869-1402470342-320466233-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackgroundContainer, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dimbo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun, Quarantined, [59913e3de09bef4707a5d81c25deb749] Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\ct2504091, Quarantined, [fbef9fdcb3c81d196ef0583baa58a65a], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3283135, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], Files: 37 PUP.Optional.OutBrowse, C:\Users\Dimbo\AppData\Local\Temp\DownloadManager.exe, Quarantined, [608a097238434beb93c3ed5e659d48b8], PUP.Optional.NextLive.A, C:\Users\Dimbo\AppData\Local\Temp\Mobogenie_INT.exe, Quarantined, [84665c1f9edd999deeb55efbc14025db], PUP.Optional.SearchProtect.A, C:\Users\Dimbo\AppData\Local\Temp\nsg368.exe, Quarantined, [f5f52d4eaecd5ed81267a985b948bb45], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\SPStub.exe, Quarantined, [eefc403b1b605cdaf8af978ae120a858], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [806a413aafcc142291166eb3ed149c64], PUP.Optional.InstallCore, C:\Users\Dimbo\AppData\Local\Temp\ICReinstall_nskD371.tmp, Quarantined, [e901c7b429526dc9e0dde430c34141bf], PUP.Optional.InstallCore, C:\Users\Dimbo\AppData\Local\Temp\ICReinstall_nss2892.tmp, Quarantined, [c22897e40c6f2a0c5f5e9e76c63ea060], PUP.Optional.InstallCore, C:\Users\Dimbo\AppData\Local\Temp\nskD371.tmp, Quarantined, [10da0b70e7943402ceef0311c04423dd], PUP.Optional.SearchProtect.A, C:\Users\Dimbo\AppData\Local\Temp\nsl84FA.exe, Quarantined, [e00af08b49329a9cb0c965c910f15ca4], PUP.Optional.SearchProtect.A, C:\Users\Dimbo\AppData\Local\Temp\nsq82F6.exe, Quarantined, [8c5e5c1f06759a9ce990ed41ad54cc34], PUP.Optional.InstallCore, C:\Users\Dimbo\AppData\Local\Temp\nss2892.tmp, Quarantined, [6585b8c3cab162d45d6069ab48bc827e], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\nst2918.exe, Quarantined, [63870d6e651646f0df8c9d86ca375aa6], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\nst598D.exe, Quarantined, [c82234473b40e94d5f0c37ec39c856aa], PUP.Optional.SearchProtect.A, C:\Users\Dimbo\AppData\Local\Temp\nsv6313.exe, Quarantined, [83673c3f5922e0563d3c8f9f976a5ea2], PUP.Optional.SearchProtect.A, C:\Users\Dimbo\AppData\Local\Temp\nsv64E8.exe, Quarantined, [43a7b0cb601ba5913b3ef8364cb5bc44], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\nsg37BF\SpSetup.exe, Quarantined, [cf1bcface09b4aece88346ddae53b947], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\ct2504091\ieLogic.exe, Quarantined, [876352291d5ec1756c3b8b969869748c], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\ct2504091\statisticsStub.exe, Quarantined, [c7233a41a5d650e6a4890efe9b6624dc], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Temp\AU\SPSetup.exe, Quarantined, [7f6b3843c8b33cfa56152003c9389769], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nse1DA7.exe, Quarantined, [905accafd3a82412394097974fb2f20e], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj682B.exe, Quarantined, [9258ee8df08bd165a0d9141ade23966a], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst6A3E.exe, Quarantined, [2ebc1566abd086b0c2b71b13f011b44c], PUP.Optional.Conduit.A, C:\Windows\Temp\nst72C4.exe, Quarantined, [509a047782f988ae5912cf54e9184eb2], PUP.Optional.Conduit.A, C:\Windows\Temp\B12E.tmp\bin\SPHook32.dll, Quarantined, [8763d0ab84f769cd75f6f033bf429d63], PUP.Optional.Conduit.A, C:\Windows\Temp\B12E.tmp\bin\SPHook64.dll, Quarantined, [915957248bf059dd5f0cc55e58a9ee12], PUP.Optional.Conduit.A, C:\Windows\Temp\B12E.tmp\bin\SPRunner.exe, Quarantined, [8f5bcfac96e57fb707643ee5b84950b0], PUP.Optional.Conduit.A, C:\Windows\Temp\B12E.tmp\bin\SPTool64.exe, Quarantined, [17d3b1ca65165ed8c7a4150e00019b65], PUP.Optional.Conduit.A, C:\Windows\Temp\B12E.tmp\Res\SPSetup.exe, Quarantined, [07e35427324994a23239230024ddc43c], PUP.Optional.Smart, C:\Users\Dimbo\Downloads\Splayer.exe, Quarantined, [bd2d3a4179029b9b6531ec213fc2837d], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Conduit\CT3283135\Vuze_Remote_BAutoUpdateHelper.exe, Quarantined, [6c7ef982413a9c9ad37234ea649ce61a], PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, Quarantined, [28c29be01566cc6abd4d22cfba4914ec], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3283135\configutaion.json, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3283135\SetupIcon.ico, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3283135\UninstallerUI.exe, Quarantined, [d4167dfeef8cff37363c8d06b44e9868], PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV=",), Replaced,[d416b2c999e2c472e09b8c2c32d2c13f] PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&SSPV=" ],), Replaced,[c02a3942413ad3634e5f6652b84c1ce4] PUP.Optional.Conduit.A, C:\Users\Dimbo\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "search_url": "http://search.conduit.com/Results.aspx?ctid=CT3324764&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F99193D-1029-4095-9C3B-0803F77C5CCE&q={searchTerms}&SSPV=",), Replaced,[0cdef3887cffde58cf0ad1e7e02433cd] Physical Sectors: 0 (No malicious items detected) (end) . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 6/5/2013 11:39:49 PM System Uptime: 6/26/2014 10:16:25 PM (0 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1 Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2494/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 699 GiB total, 553.671 GiB free. D: is CDROM (CDFS) G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\TOS1900\2&DABA3FF&1 Manufacturer: Name: PNP Device ID: ACPI\TOS1900\2&DABA3FF&1 Service: . Class GUID: Description: Device ID: ACPI\TOS6205\2&DABA3FF&1 Manufacturer: Name: PNP Device ID: ACPI\TOS6205\2&DABA3FF&1 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: Description: Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_FB411179&REV_04\3&11583659&0&A0 Manufacturer: Name: PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_FB411179&REV_04\3&11583659&0&A0 Service: . ==== System Restore Points =================== . RP52: 6/10/2014 6:45:55 PM - Windows Update RP53: 6/11/2014 8:40:35 PM - Windows Update RP54: 6/12/2014 12:14:06 PM - Windows Update RP55: 6/19/2014 1:39:23 AM - Windows Update RP56: 6/24/2014 9:53:48 PM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 13 ActiveX Adobe Reader X (10.1.4) AMD APP SDK Runtime AMD Catalyst Install Manager Atheros Driver Installation Program Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Command & Conquer The First Decade Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel PROSet Wireless Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® USB 3.0 eXtensible Host Controller Driver Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client MagicDisc 2.7.106 Malwarebytes Anti-Malware version 2.0.2.1012 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Ultra Edition neroxml PokerStars Realtek Ethernet Controller Driver Realtek USB 2.0 Card Reader REALTEK Wireless LAN Driver Realtek WLAN Driver RtkClassFilter Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition Synaptics Pointing Device Driver TeamViewer 8 TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert TOSHIBA Web Camera Application Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition VLC media player 2.1.3 Vuze Win7codecs Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (12/02/2011 2.3.8.1) WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 6/26/2014 9:54:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8006dce1d0, 0xfffff8800417e910, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062614-23025-01. 6/26/2014 9:34:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 6/26/2014 9:31:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/26/2014 9:31:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/26/2014 9:30:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8006df84e0, 0xfffff88004168910, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062614-18236-01. 6/26/2014 9:30:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VWiFiFlt Wanarpv6 WfpLwf 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/26/2014 9:30:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/26/2014 8:30:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8006e93180, 0xfffff8800419a910, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062614-17238-01. 6/26/2014 10:18:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/26/2014 10:18:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/26/2014 10:17:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/26/2014 10:17:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/26/2014 10:17:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 6/26/2014 10:16:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8006e60010, 0xfffff88003e07910, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062614-24148-01. 6/20/2014 1:48:07 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 11.0.9600.16521 Run by Dimbo at 22:21:35 on 2014-06-26 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4056.3278 [GMT -3:00] . . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\ctfmon.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8 uURLSearchHooks: Vuze Remote B Toolbar: {4cf23ae3-2b7c-4d43-b7d2-2dd1158d7af4} - C:\Program Files (x86)\Vuze_Remote_B\prxtbVuze.dll mURLSearchHooks: Vuze Remote B Toolbar: {4cf23ae3-2b7c-4d43-b7d2-2dd1158d7af4} - C:\Program Files (x86)\Vuze_Remote_B\prxtbVuze.dll mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Vuze Remote B Toolbar: {4cf23ae3-2b7c-4d43-b7d2-2dd1158d7af4} - C:\Program Files (x86)\Vuze_Remote_B\prxtbVuze.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Vuze Remote B Toolbar: {4CF23AE3-2B7C-4D43-B7D2-2DD1158D7AF4} - C:\Program Files (x86)\Vuze_Remote_B\prxtbVuze.dll TB: Vuze Remote B Toolbar: {4cf23ae3-2b7c-4d43-b7d2-2dd1158d7af4} - C:\Program Files (x86)\Vuze_Remote_B\prxtbVuze.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\Users\Dimbo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 201.17.1.114 201.17.1.92 192.168.0.1 TCP: Interfaces\{76DA4542-6E8D-4E19-82B9-92F4F98DBA45} : DHCPNameServer = 201.17.1.114 201.17.1.92 192.168.0.1 TCP: Interfaces\{DADD73C5-4BC3-4807-99B4-CF2172D0A05F} : DHCPNameServer = 192.168.42.129 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-5 16152] R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-26 122584] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-6-6 251496] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-6 565352] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtwlane.sys [2013-6-10 1147536] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-5 235520] S2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe [2013-6-6 162824] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] S2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-6 128280] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-6 161560] S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-10 3560288] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-6 363800] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-7 594704] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-9 111616] S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-5 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-5 786200] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-7 273168] S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2013-6-6 38096] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-1 20992] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\Windows\System32\drivers\RtkBtfilter.sys [2012-1-5 21096] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-5 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-3 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== Created Last 30 ================ . 2014-06-27 01:02:20 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-06-27 01:02:09 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-06-27 01:02:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-06-27 01:02:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-06-27 01:02:08 -------- d-----w- C:\ProgramData\Malwarebytes 2014-06-27 01:02:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-27 00:57:09 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9351ADE7-3AB0-43A9-8ECA-C73C7685DB3E}\mpengine.dll 2014-06-27 00:55:19 -------- d-----w- C:\Windows\System32\wbem\repository 2014-06-14 02:28:51 -------- d-sh--w- C:\Users\Dimbo\AppData\Local\EmieUserList 2014-06-14 02:28:51 -------- d-sh--w- C:\Users\Dimbo\AppData\Local\EmieSiteList 2014-06-10 21:51:15 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-06-10 21:51:15 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-06-10 21:48:46 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2014-06-10 21:46:33 548864 ----a-w- C:\Windows\System32\vbscript.dll 2014-06-10 21:46:33 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-06-09 06:22:03 878080 ----a-w- C:\Windows\System32\advapi32.dll 2014-06-09 06:22:03 859648 ----a-w- C:\Windows\System32\tdh.dll 2014-06-09 06:22:03 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2014-06-09 06:22:03 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2014-06-09 06:22:03 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2014-06-09 06:22:03 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2014-06-09 06:21:20 327168 ----a-w- C:\Windows\System32\mswsock.dll 2014-06-09 06:21:20 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2014-06-09 06:21:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-06-09 06:17:29 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2014-06-09 06:17:29 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2014-06-06 19:06:03 633856 ----a-w- C:\Windows\System32\comctl32.dll 2014-06-06 19:06:02 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll 2014-06-06 19:04:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2014-06-06 19:03:56 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2014-06-06 19:01:58 202752 ----a-w- C:\Windows\System32\scrrun.dll 2014-06-06 19:01:58 168960 ----a-w- C:\Windows\System32\wscript.exe 2014-06-06 19:01:58 156160 ----a-w- C:\Windows\System32\cscript.exe 2014-06-06 19:01:58 150016 ----a-w- C:\Windows\System32\wshom.ocx 2014-06-06 19:01:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe 2014-06-06 19:01:58 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx 2014-06-06 19:01:57 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll 2014-06-06 19:01:57 126976 ----a-w- C:\Windows\SysWow64\cscript.exe 2014-06-06 19:01:56 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-06-06 19:01:56 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-06-06 19:01:55 144384 ----a-w- C:\Windows\System32\cdd.dll 2014-06-06 18:56:35 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2014-06-06 18:56:34 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2014-06-06 18:56:34 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2014-06-06 18:56:34 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2014-06-06 18:56:34 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2014-06-06 06:05:18 -------- d-----w- C:\Windows\System32\SPReview 2014-06-06 06:05:03 -------- d-----w- C:\Windows\System32\EventProviders 2014-06-05 21:25:05 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2014-06-05 21:25:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2014-06-05 21:25:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2014-06-05 21:23:59 800256 ----a-w- C:\Windows\System32\usp10.dll 2014-06-05 21:22:59 898560 ----a-w- C:\Windows\System32\OobeFldr.dll 2014-06-05 21:21:56 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2014-06-05 21:21:56 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2014-06-05 21:21:56 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll 2014-06-05 21:20:19 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2014-06-05 21:20:19 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2014-06-05 21:20:16 244736 ----a-w- C:\Windows\System32\sqmapi.dll 2014-06-04 22:35:17 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS 2014-06-04 22:35:17 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2014-06-04 22:35:17 229376 ----a-w- C:\Windows\System32\fsquirt.exe 2014-06-03 23:41:38 -------- d-----w- C:\Windows\SysWow64\Wat 2014-06-03 23:41:38 -------- d-----w- C:\Windows\System32\Wat 2014-06-03 19:05:06 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2014-06-03 19:05:06 5120 ----a-w- C:\Windows\System32\wmi.dll 2014-06-03 19:05:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2014-06-02 20:10:30 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2014-06-02 20:06:43 642944 ----a-w- C:\Windows\System32\winload.efi 2014-06-02 20:06:43 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll 2014-06-02 20:06:43 605552 ----a-w- C:\Windows\System32\winload.exe 2014-06-02 20:06:43 566208 ----a-w- C:\Windows\System32\winresume.efi 2014-06-02 20:06:43 518672 ----a-w- C:\Windows\System32\winresume.exe 2014-06-02 20:06:43 20352 ----a-w- C:\Windows\System32\kdusb.dll 2014-06-02 20:06:43 19328 ----a-w- C:\Windows\System32\kd1394.dll 2014-06-02 20:06:43 17792 ----a-w- C:\Windows\System32\kdcom.dll 2014-06-02 19:55:41 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2014-06-02 19:55:41 850944 ----a-w- C:\Windows\SysWow64\sbe.dll 2014-06-02 19:55:41 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll 2014-06-02 19:55:41 259072 ----a-w- C:\Windows\System32\mpg2splt.ax 2014-06-02 19:55:41 1118720 ----a-w- C:\Windows\System32\sbe.dll 2014-06-02 19:55:40 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2014-06-02 19:53:39 1572864 ----a-w- C:\Windows\System32\quartz.dll 2014-06-02 19:53:39 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2014-06-02 19:53:38 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2014-06-02 19:53:38 366592 ----a-w- C:\Windows\System32\qdvd.dll 2014-06-02 19:53:14 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2014-06-02 19:53:13 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2014-06-02 19:53:13 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2014-06-02 19:53:09 395776 ----a-w- C:\Windows\System32\webio.dll 2014-06-02 19:53:09 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2014-06-02 19:51:51 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2014-06-02 19:51:20 1395712 ----a-w- C:\Windows\System32\mfc42.dll 2014-06-02 19:51:20 1359872 ----a-w- C:\Windows\System32\mfc42u.dll 2014-06-02 19:51:20 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2014-06-02 19:51:20 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2014-06-02 19:51:05 41472 ----a-w- C:\Windows\System32\drivers\rndismpx.sys 2014-06-02 19:51:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys 2014-06-02 19:51:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2014-06-02 19:51:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2014-06-02 19:51:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2014-06-02 19:51:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2014-06-02 19:50:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2014-06-02 19:50:42 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2014-06-02 19:50:28 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe 2014-06-02 19:50:28 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2014-06-02 19:50:28 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2014-06-02 19:49:52 478208 ----a-w- C:\Windows\System32\dpnet.dll 2014-06-02 19:49:52 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2014-06-02 19:49:52 3072 ----a-w- C:\Windows\System32\dpnaddr.dll 2014-06-02 19:49:52 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll 2014-06-02 19:49:17 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2014-06-02 19:49:17 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2014-06-02 19:49:17 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2014-06-02 19:49:09 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-06-02 19:49:09 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-06-02 19:47:42 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2014-06-02 19:46:33 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2014-06-02 19:46:33 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll 2014-06-02 19:46:33 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll 2014-06-02 19:46:33 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2014-06-02 19:46:33 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2014-06-02 19:46:33 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2014-06-02 19:46:33 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2014-06-02 19:46:33 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2014-06-02 19:46:33 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2014-06-02 19:46:33 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2014-06-02 19:46:33 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll 2014-06-02 19:46:33 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2014-06-02 19:46:33 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2014-06-02 19:32:01 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2014-06-02 19:31:51 270496 ----a-w- C:\Windows\System32\MpSigStub.exe 2014-06-02 19:31:43 77312 ----a-w- C:\Windows\System32\packager.dll 2014-06-02 19:31:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2014-06-02 00:19:59 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2014-06-02 00:19:59 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys 2014-06-02 00:19:59 162816 ----a-w- C:\Windows\System32\rdpudd.dll 2014-06-02 00:19:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2014-06-02 00:19:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2014-06-02 00:14:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2014-06-02 00:13:49 99840 ----a-w- C:\Windows\System32\wudriver.dll 2014-06-02 00:13:38 36864 ----a-w- C:\Windows\System32\wuapp.exe 2014-06-02 00:13:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2014-06-09 06:20:01 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-06-06 06:35:44 175616 ----a-w- C:\Windows\System32\msclmd.dll 2014-06-06 06:35:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2014-05-14 15:01:18 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-14 15:01:18 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll 2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll 2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll 2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe 2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2014-04-01 01:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL 2014-04-01 01:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX . ============= FINISH: 22:22:33.26 =============== Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.4 Adobe Reader out of Date! Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
  7. Will go with Avast! Cheers. # AdwCleaner v3.022 - Report created 22/03/2014 at 22:19:02 # Updated 13/03/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Ja Hizzle - JAHIZZLE-PC # Running from : C:\Users\Ja Hizzle\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Vuze ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Ja Hizzle\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2189 octets] - [11/09/2013 21:11:22] AdwCleaner[R1].txt - [2253 octets] - [11/09/2013 21:14:12] AdwCleaner[R2].txt - [3056 octets] - [22/03/2014 22:17:04] AdwCleaner[s0].txt - [2086 octets] - [11/09/2013 21:14:45] AdwCleaner[s1].txt - [2704 octets] - [22/03/2014 22:19:02] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2764 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Ja Hizzle on Sat 22/03/2014 at 22:25:04.62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ja Hizzle\AppData\Roaming\getrighttogo" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 22/03/2014 at 22:35:42.37 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Ja Hizzle [Admin rights] Mode : Remove -- Date : 03/22/2014 22:51:40 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD100 +++++ --- User --- [MBR] 6ae478927f4cd82f8c8f4cc90f5c2581 [bSP] 9310af81e38196d2c29b65e501f61abc : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 940241 MB 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1928687616 | Size: 12127 MB User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_03222014_225140.txt >> RKreport[0]_S_03222014_224701.txt
  8. Hey guys, please find below all requested logs. I was concerned my internet/laptop use/behaviour was being monitored through my network and changed some settings etc, tried to read up on logs through hidden folders etc but have no idea how to decipher the depths of a computer, I did end up downloading CyberScrub® KeyChain, which appeared to infect my laptop with Conduit browser hijacker. Cheers. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.19.02 Windows 7 Service Pack 1 x64 FAT32 Internet Explorer 11.0.9600.16518 Ja Hizzle :: JAHIZZLE-PC [administrator] 19/03/2014 7:08:23 PM mbam-log-2014-03-19 (19-08-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 242771 Time elapsed: 3 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\Users\Ja Hizzle\AppData\Local\Temp\nsa4634.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\nsb28A5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\nsm595B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\nsr2B74.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\nsw55A2.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\nslE2DE\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\Local Settings\Temporary Internet Files\Content.IE5\F1QXJF4G\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\Local Settings\Temporary Internet Files\Content.IE5\Q1N97H9K\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.40.2 Run by Ja Hizzle at 19:09:45 on 2014-03-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8111.5598 [GMT 11:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\ThpSrv.exe C:\windows\system32\TODDSrv.exe c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\Dwm.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TECO\Teco.exe C:\Windows\System32\ThpSrv.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\System32\WUDFHost.exe E:\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.outfox.tv/?referid=150 uDefault_Page_URL = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uProxyServer = hxxp=202.202.0.163 mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{CADE5505-1C56-4D18-ADC0-AA1CEE3A20D7} : DHCPNameServer = 192.168.1.1 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0CzztCzytByE0A0D0FtAyDtN0D0Tzu0CyCtCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1422333175&ir= x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [sRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152] R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-9-5 28992] R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-24 36992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-30 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384] R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584] R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-11 627936] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-9-5 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-5 161560] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-25 294848] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472] R2 UDSS;UDSS;C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2012-1-18 30064] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-5 363800] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2013-9-5 9216] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-9-5 38096] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\drivers\RtsP2Stor.sys [2013-9-5 259176] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtwlane.sys [2013-9-5 1082472] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] R3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver.sys [2012-2-25 22800] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 OutfoxTvService;OutfoxTvService;C:\Program Files\OutfoxTV\OutfoxTvService.exe --> C:\Program Files\OutfoxTV\OutfoxTvService.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2013-9-5 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-2-16 111616] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-1-17 103536] S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\drivers\RtkBtfilter.sys [2012-1-6 21096] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-5 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2014-03-18 07:08:28 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A19C266-C381-45B7-BE52-B19F98CE081C}\mpengine.dll 2014-03-15 01:02:40 228864 ----a-w- C:\windows\System32\wwansvc.dll 2014-03-14 13:57:14 484864 ----a-w- C:\windows\System32\wer.dll 2014-03-14 13:57:14 381440 ----a-w- C:\windows\SysWow64\wer.dll 2014-03-14 13:57:11 3156480 ----a-w- C:\windows\System32\win32k.sys 2014-03-14 07:21:06 624128 ----a-w- C:\windows\System32\qedit.dll 2014-03-14 07:21:05 509440 ----a-w- C:\windows\SysWow64\qedit.dll 2014-03-14 07:21:04 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2014-03-14 07:21:04 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2014-03-13 13:47:06 -------- d-----w- C:\Users\Ja Hizzle\AppData\Roaming\WinBatch 2014-03-13 12:29:48 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2014-03-12 11:50:07 -------- d-----w- C:\Users\Ja Hizzle\AppData\Local\Apps 2014-03-10 09:22:47 -------- d-----w- C:\Users\Ja Hizzle\AppData\Local\Microsoft Games 2014-03-01 15:36:42 -------- d-----w- C:\Users\Ja Hizzle\AppData\Local\PokerStars 2014-03-01 15:36:14 -------- d-----w- C:\Program Files (x86)\PokerStars 2014-02-26 16:01:47 -------- d-----w- C:\windows\Migration 2014-02-21 07:52:26 -------- d-----w- C:\Users\Ja Hizzle\.swt 2014-02-21 07:52:00 -------- d-----w- C:\Users\Ja Hizzle\AppData\Roaming\Azureus 2014-02-21 07:51:57 -------- d-----w- C:\Program Files (x86)\Vuze . ==================== Find3M ==================== . 2014-02-06 11:30:46 2724864 ----a-w- C:\windows\System32\mshtml.tlb 2014-02-06 11:30:12 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll 2014-02-06 11:07:39 66048 ----a-w- C:\windows\System32\iesetup.dll 2014-02-06 11:06:47 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll 2014-02-06 10:49:03 139264 ----a-w- C:\windows\System32\ieUnatt.exe 2014-02-06 10:48:45 111616 ----a-w- C:\windows\System32\ieetwcollector.exe 2014-02-06 10:48:11 708608 ----a-w- C:\windows\System32\jscript9diag.dll 2014-02-06 10:20:26 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb 2014-02-06 10:11:37 5768704 ----a-w- C:\windows\System32\jscript9.dll 2014-02-06 10:01:36 61952 ----a-w- C:\windows\SysWow64\iesetup.dll 2014-02-06 10:00:46 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll 2014-02-06 09:50:32 2041856 ----a-w- C:\windows\System32\inetcpl.cpl 2014-02-06 09:47:22 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2014-02-06 09:46:27 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll 2014-02-06 09:25:36 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll 2014-02-06 09:24:52 2334208 ----a-w- C:\windows\System32\wininet.dll 2014-02-06 09:09:30 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2014-02-06 08:41:35 1820160 ----a-w- C:\windows\SysWow64\wininet.dll 2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-12-21 09:53:45 548864 ----a-w- C:\windows\System32\vbscript.dll 2013-12-21 08:56:47 454656 ----a-w- C:\windows\SysWow64\vbscript.dll . ============= FINISH: 19:10:14.61 =============== HEy Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 40 Java version out of Date! Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  9. No, all seems to be working fine again!! Thanks heaps for your time, cheers!
  10. Cheers, so, it's not letting me save the ESET log, but only one item was found and quarantined/deleted and that was from - Users/me/downloads/cbsidlm-tr_14-VLC_Media_Player_64bit-ORG-75761094.exe which is the first program i downloaded and was infected by, the 'threat' being - Win32/DownloadAdmin.G application. As for the other log, it worked this time: Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 30 Java version out of Date! Google Chrome 18.0.1025.142 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  11. Thanks for that, computer running well it appears, and no more hi jacked browser. Please see below requested posts however i'm not sure of the rogue killer log (not sure where that log would come from?) and the final program - security check, it just generated the following: UNSUPPORTED OPERATING SYSTEM! ABORTED! Here are the other two: # AdwCleaner v3.003 - Report created 11/09/2013 at 20:14:45 # Updated 07/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Ja Hizzle - JAHIZZLE-PC # Running from : C:\Users\Ja Hizzle\Downloads\adwcleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Program Files (x86)\Splashtop Folder Deleted : C:\Users\Ja Hizzle\AppData\LocalLow\Mysearchdial File Deleted : C:\windows\Tasks\Dealply.job File Deleted : C:\windows\System32\Tasks\Dealply File Deleted : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job File Deleted : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA File Deleted : C:\windows\Tasks\MySearchDial.job File Deleted : C:\windows\System32\Tasks\MySearchDial ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKCU\Software\InstallCore Key Deleted : HKLM\Software\InstallCore Key Deleted : HKLM\Software\Splashtop Inc. ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Ja Hizzle\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [2189 octets] - [11/09/2013 20:11:22] AdwCleaner[R1].txt - [2253 octets] - [11/09/2013 20:14:12] AdwCleaner[s0].txt - [1942 octets] - [11/09/2013 20:14:45] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2002 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.9 (09.07.2013:1) OS: Windows 7 Home Premium x64 Ran by Ja Hizzle on Wed 11/09/2013 at 20:19:05.05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 11/09/2013 at 20:24:36.48 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks again!
  12. Sorry about that, please find logs below, cheers. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.09.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Ja Hizzle :: JAHIZZLE-PC [administrator] 9/09/2013 5:44:55 PM mbam-log-2013-09-09 (17-44-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 239657 Time elapsed: 2 minute(s), 34 second(s) Memory Processes Detected: 1 C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 2224 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 103 HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCR\CLSID\{d77aa852-def3-43cb-a3f5-bd679de72f32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{c3c45c5f-2f1b-4012-a854-f89dc99f2335} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCR\Interface\{7F66829F-F442-431F-AF59-E4474505A67A} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\AppID\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoreMachineClass.1 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoreMachineClass (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3COMClassService (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\dealplylive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DEALPLYLIVE.EXE (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\dealplylivem (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebMachineFallback (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CredentialDialogMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoCreateAsync (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLive.OneClickCtrl.9 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLive.Update3WebControl.3 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{C536F080-57B7-46D6-8894-C647553F2889} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLive.OneClickProcessLauncherMachine (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoreClass.1 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.CoreClass (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.ProcessLauncher (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\DealPlyLiveUpdate.Update3WebSvc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly) -> Quarantined and deleted successfully. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully. HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealply (PUP.DealPly.A) -> Quarantined and deleted successfully. HKCR\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} (PUP.DealPly) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} (PUP.DealPly) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} (PUP.DealPly) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} (PUP.DealPly) -> Quarantined and deleted successfully. HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> Quarantined and deleted successfully. HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> Quarantined and deleted successfully. HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> Quarantined and deleted successfully. Registry Values Detected: 4 HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0155 -> Quarantined and deleted successfully. HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> Quarantined and deleted successfully. HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Data: C:\Program Files (x86)\DealPly\DealPly.crx -> Quarantined and deleted successfully. HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Data: cnet -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0CzztCzytByE0A0D0FtAyDtN0D0Tzu0CyCtCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1422333175&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtD0EtDyE0CzztCzytByE0A0D0FtAyDtN0D0Tzu0CyCtCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1422333175&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 28 C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial\icons_2.2.4.731 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> Delete on reboot. C:\Users\Ja Hizzle\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\Install (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\Offline\{636DC609-0D08-48AD-B488-20ECE1D00EA2} (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\Download (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\Offline (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0 (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully. Files Detected: 113 C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Windows\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\mysearchdial_speedial_v9.0.2.crx (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\mysearchdialTlbr.dll.21206994 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\Temp\mysearchdialEng.dll.21206994 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\Local Settings\Temporary Internet Files\Content.IE5\6PIP81QN\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> Delete on reboot. C:\Program Files (x86)\lucky leap\luckyleap.Common.dll (PUP.Optional.LuckyLeap.A) -> Delete on reboot. C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\lucky leap\sqlite3.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\icon.ico (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\uninst.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\DealPlyUpdateVer.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\DealPlyIE64.dll (PUP.Optional.DealPly) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\tah.config (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\Toparcadehits.dll (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> Quarantined and deleted successfully. C:\Users\Ja Hizzle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully. (end)
  13. Hey my browser has been hi jacked by "Mysearchdial", can i get some advice on how to remove it please? Cheers. Edit: Please read the Instructions and post the requested logs (MBAM, DDS, Security Check). We need the information in order to help you.
  14. Sure is! Cheers and Merry Christmas!!
  15. C:\$Recycle.Bin\S-1-5-21-4056392214-3610126436-3120573815-1001\$RMM3CMR.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined C:\$Recycle.Bin\S-1-5-21-4056392214-3610126436-3120573815-1001\$ROSDPQ9.exe Win32/OpenCandy application cleaned by deleting - quarantined C:\Program Files (x86)\Vuze\bunndle.zip a variant of Win32/Bunndle application deleted - quarantined C:\Users\Ja Hizzle\Downloads\cbsidlm-tr1_8-Audio_Video_Synchronizer-SEO2-10907405.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined