Channel: Tech Support Guy - Virus & Other Malware Removal

Slow computer with a pop up that will open and close really quickly.

In the past week my computer has started to get slower and slower. Now it takes forever to do anything (using the internet or just writing a document). When I boot my computer, there is a window that will open and close so quickly that I don't have a chance to see what it says. Please help me.




Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3686 Mb
Graphics Card: Mirage Driver, 3 Mb
Hard Drives: C: Total - 459847 MB, Free - 358098 MB; D: Total - 16989 MB, Free - 2122 MB;
Motherboard: PEGATRON CORPORATION, 2AD3
Antivirus: Microsoft Security Essentials, Updated and Enabled

error message and inspasio

I keep getting send error message and that inspasio exe, what do I need to do to get rid of this?
Thank You
Vonzella:

Japanese popup won't go away

Hello
I'm running Windows 7 Ultimate 64bit
I've got a popup window when my computer boots
The process running is
mshta.exe


What steps do I need to do to get rid of it?
Thanks Lee

My laptop drains my internet connection

Hello everyone,

Last week I started noticing that my internet connection started to become very slow. At first I thought this was just an issue at home. But when I started to visit friends and family and I turn on my laptop, they started to receive very high ping. I called my provider and asked if he could check my internet connection and he said that my ping was very high, and the moment I turned off my WiFi the ping dropped to normal, confirming that my laptop drains the internet.

I started to run virus scans in order to find malware without success. My computer appears to be healthy. I put an image below of my internet source control, and nothing seems to peak, but I seem to send about 800-1000 kbps without me even having any programs on. I also visited a lot of help forums without success.

I would be delighted if someone could find me a solution for this problem since this is a brand new laptop. I added some images below.

Greetings,
Joost Dingemans

P.S. I noticed that my Windows Defender displays as disabled at the Tech Support Guy Info Utility, but when I open it, it says enabled.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 8100 Mb
Graphics Card: Intel(R) HD Graphics Family, -2016 Mb
Hard Drives: C: Total - 432918 MB, Free - 250347 MB; D: Total - 25599 MB, Free - 22159 MB;
Motherboard: LENOVO, Lenovo Flex 2-15
Antivirus: Windows Defender, Disabled


WIFI signals and connection hardships, combined with crash/ freezing issues

Sorry, haven't had the chance to do the scan and finding it hard to connect again, so have been using other PCs....

Chrome Update possible infection?

Hi TJ54,
As you may now know, that was NOT a Chrome Update.
Cardinal Rule #1 - Don't EVER update anything if prompted to do so while online.
There is a very large amount of junkware on there.
Let's see what we can do to clean it up.
-------------------------------------------------------------
AdwCleaner Download and Run

Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete.
When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
You will then be presented with the report. Copy & Paste it into a reply here.


If you lose track of the log, it is saved in this folder C:\AdwCleaner\
The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from AdwCleaner, and the two logs from OTL.
askey127

unauthorized remote access

Someone has unauthorized remote access to my computer, so things like font size and spacing are off. How do I find and remove this access? I think it is hidden in another program or file so I can't find it. I have a 4 month old Dell computer with Windows 8.

Hijacked/Phishing Problem

You are most welcome!
No need to post another HJT log.
Hijackthis is a bit outdated for the newer operating systems, so is not used much now.
Marking solved just gives an idea of the status.
I believe you can still post if necessary.
If you need to post and find you cannot for any reason, please send me a Private message, and we will get it corrected.

Boots to black screen with cursor...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6021 Mb
Graphics Card: Intel(R) HD Graphics Family, -1988 Mb
Hard Drives: C: Total - 935334 MB, Free - 874714 MB;
Motherboard: Gateway, SX2870
Antivirus: McAfee Anti-Virus and Anti-Spyware, Disabled

update.exe amazonaws

Hi, I have read several topics about this here. But the thing is, every time I restart my computer it comes up and eats up my internet quota. So I have run ComboFix; if I run ComboFix it's gone, or if I leave it for a few minutes it's also gone, but sometimes it comes back after a few minutes or when I restart my computer. So I wonder if it's malware. The first time I found it was in Resource Monitor, shown as Update.exe, where the address is s3-1-w.amazonaws.com. Thank you very much.


ComboFix Log:


ComboFix 14-10-15.01 - Rivaldi 10/15/2014 17:50:49.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8140.5999 [GMT 8:00]
Running from: c:\users\Rivaldi\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-09-15 to 2014-10-15 )))))))))))))))))))))))))))))))
.
.
2014-10-15 09:53 . 2014-10-15 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-14 15:54 . 2014-10-14 15:54 -------- d-----w- c:\users\Rivaldi\AppData\Local\My Games
2014-10-13 15:15 . 2014-10-13 15:15 -------- d-----w- c:\program files (x86)\Microsoft XNA
2014-10-10 10:16 . 2014-10-12 12:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-10-10 10:16 . 2014-10-10 10:16 -------- d-----w- c:\users\Rivaldi\AppData\Local\PunkBuster
2014-10-10 10:16 . 2014-10-10 10:16 -------- d-----w- c:\users\Rivaldi\AppData\Local\ESN
2014-10-10 10:13 . 2014-10-10 10:13 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2014-10-09 20:29 . 2014-10-12 12:01 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-10-09 20:29 . 2014-10-10 10:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-10-09 20:29 . 2014-10-09 20:29 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-10-08 15:44 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-08 15:44 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-10-07 13:32 . 2014-10-07 13:32 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Fujitsu
2014-10-07 13:32 . 2014-10-07 13:32 -------- d-----w- c:\users\Rivaldi\AppData\Local\Fujitsu
2014-10-07 13:30 . 2014-10-07 13:30 256 ---ha-w- c:\windows\SysWow64\LTAW14FN.BIN
2014-10-07 13:30 . 2014-10-07 13:30 256 ---ha-w- c:\windows\SysWow64\FJLTAFOU.BIN
2014-10-07 13:29 . 2014-10-07 13:30 -------- d-----w- c:\program files (x86)\ATLAS V14
2014-10-06 14:28 . 2014-10-06 14:30 -------- d-----w- c:\windows\system32\drivers\NISx64\1506000.020
2014-09-29 09:07 . 2014-09-29 09:07 -------- d--h--r- c:\users\Rivaldi\AppData\Roaming\SecuROM
2014-09-29 08:53 . 2014-09-29 08:52 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2014-09-29 04:47 . 2014-09-29 04:47 -------- d-----w- c:\program files\Common Files\Sony Shared
2014-09-29 04:47 . 2014-09-29 04:47 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2014-09-29 04:47 . 2014-09-29 04:47 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Sony Corporation
2014-09-29 04:46 . 2014-09-29 04:47 -------- d-----w- c:\programdata\Sony Corporation
2014-09-29 04:46 . 2014-09-29 04:46 -------- d-----w- c:\program files (x86)\Sony
2014-09-28 08:29 . 2014-09-28 08:29 -------- d-----w- c:\users\Rivaldi\AppData\Local\PopCap Games
2014-09-28 08:28 . 2014-09-28 08:28 -------- d-----w- c:\programdata\EA Core
2014-09-28 08:28 . 2014-10-10 10:16 -------- d-----w- c:\programdata\EA Logs
2014-09-28 08:26 . 2014-09-28 08:28 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2014-09-28 08:25 . 2014-09-28 08:25 -------- d-----w- c:\programdata\Qualcomm
2014-09-28 08:25 . 2014-09-28 08:25 -------- d-----w- c:\program files\Qualcomm Atheros
2014-09-28 08:24 . 2014-09-28 08:24 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Intel Corporation
2014-09-28 06:23 . 2014-09-28 06:52 -------- d-----w- c:\users\Rivaldi\AppData\Local\dxhr
2014-09-28 06:21 . 2014-09-28 06:21 -------- d-----w- c:\users\Rivaldi\AppData\Local\28050
2014-09-28 05:52 . 2014-09-28 05:52 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Trine2
2014-09-27 19:54 . 2014-10-09 20:30 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-09-27 19:14 . 2014-09-28 08:28 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Origin
2014-09-27 19:14 . 2014-09-28 08:41 -------- d-----w- c:\users\Rivaldi\AppData\Local\Origin
2014-09-27 19:09 . 2014-10-05 08:19 -------- d-----w- c:\programdata\Origin
2014-09-27 19:09 . 2014-09-28 08:29 -------- d-----w- c:\programdata\Electronic Arts
2014-09-26 15:01 . 2014-09-26 15:01 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Garena
2014-09-26 15:01 . 2014-09-26 15:01 -------- d-----w- c:\programdata\Garena
2014-09-25 16:17 . 2014-09-25 16:17 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\LolClient
2014-09-25 06:42 . 2014-09-25 06:42 -------- d-----w- c:\programdata\Riot Games
2014-09-25 06:34 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-09-25 06:34 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-09-25 06:34 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-09-25 06:33 . 2014-09-25 06:34 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Riot Games
2014-09-25 05:16 . 2014-09-25 05:16 -------- d-----w- c:\programdata\RzMaelstromVAD_1.1.58.1854
2014-09-25 05:11 . 2014-09-25 05:11 -------- d-----w- c:\users\Rivaldi\AppData\Local\Razer
2014-09-25 04:34 . 2014-09-25 04:33 1199831 ----a-w- c:\windows\unins001.exe
2014-09-25 04:32 . 2014-09-25 04:34 -------- d-----w- c:\program files (x86)\Corsair
2014-09-25 04:32 . 2014-09-25 04:32 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\Corsair Vengeance
2014-09-25 04:32 . 2014-09-25 04:31 1186175 ----a-w- c:\windows\unins000.exe
2014-09-25 04:32 . 2012-10-31 08:59 25600 ----a-w- c:\windows\system32\drivers\CORK95.sys
2014-09-24 10:26 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 10:26 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-24 06:02 . 2014-08-18 21:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-23 09:48 . 2014-09-27 07:56 -------- d-----w- c:\users\Rivaldi\AppData\Roaming\foobar2000
2014-09-23 09:48 . 2014-09-23 09:48 -------- d-----w- c:\program files (x86)\foobar2000
2014-09-22 12:27 . 2014-10-15 08:39 27552 ----a-w- c:\windows\system32\drivers\HWiNFO64A.SYS
2014-09-22 12:27 . 2014-10-15 08:39 -------- d-----w- c:\program files\HWiNFO64
2014-09-22 10:41 . 2014-05-22 05:54 475672 ----a-w- c:\windows\system32\ASProxy64.dll
2014-09-22 10:41 . 2014-05-22 05:54 359960 ----a-w- c:\windows\SysWow64\ASProxy.dll
2014-09-22 10:41 . 2014-05-17 08:45 31744 ----a-w- c:\windows\system32\drivers\asvpndrv.sys
2014-09-18 17:23 . 2014-09-18 17:23 -------- d-----w- C:\ArcheAge
2014-09-18 12:19 . 2014-09-18 12:20 -------- d-----w- c:\program files\TAP-Windows
2014-09-18 12:19 . 2014-09-18 12:19 -------- d-----w- c:\program files (x86)\VPN Unlimited
2014-09-18 11:18 . 2008-10-14 22:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-09-18 11:18 . 2008-10-14 22:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2014-09-18 11:18 . 2008-10-14 22:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2014-09-18 11:18 . 2008-10-14 22:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2014-09-18 11:18 . 2008-10-14 22:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2014-09-18 11:18 . 2008-10-14 22:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2014-09-17 11:38 . 2014-09-17 11:38 -------- d-----w- c:\users\Rivaldi\AppData\Local\Glyph
2014-09-17 11:38 . 2014-09-17 11:38 -------- d-----w- c:\programdata\Glyph
2014-09-16 02:39 . 2014-09-16 02:39 -------- d-sh--w- c:\users\Rivaldi\AppData\Local\EmieUserList
2014-09-16 02:39 . 2014-09-16 02:39 -------- d-sh--w- c:\users\Rivaldi\AppData\Local\EmieSiteList
2014-09-16 02:32 . 2014-09-16 02:32 -------- d-----w- c:\windows\SysWow64\Wat
2014-09-16 02:32 . 2014-09-16 02:32 -------- d-----w- c:\windows\system32\Wat
2014-09-15 21:39 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-09-15 21:39 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-09-15 21:39 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-09-15 21:39 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-09-15 21:39 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-09-15 21:38 . 2014-09-15 21:38 -------- d-----w- c:\windows\Migration
2014-09-15 21:37 . 2013-10-14 10:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-09-15 21:35 . 2014-09-15 21:35 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-15 21:12 . 2014-09-15 21:14 -------- d-----w- c:\windows\system32\MRT
2014-09-15 21:12 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-15 21:12 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-15 21:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-09-15 21:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-15 21:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-09-15 21:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-15 21:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-09-15 21:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-09-15 21:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-15 21:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-15 20:02 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-15 20:02 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-09-15 19:58 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-09-15 19:58 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-09-15 19:55 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-09-15 19:55 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-09-15 19:54 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-09-15 19:54 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2014-09-15 19:54 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-09-15 19:54 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-09-15 19:54 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-09-15 19:54 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-09-15 19:54 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-09-15 19:54 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2014-09-15 19:54 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-09-15 19:54 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-09-15 19:53 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-15 19:53 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-15 19:51 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-09-15 19:51 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-09-15 19:46 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-09-15 19:46 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-09-15 19:46 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-09-15 19:46 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-09-15 19:46 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-09-15 19:46 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 18:17 . 2014-09-11 18:17 5185536 ----a-r- c:\users\Rivaldi\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2014-09-11 18:17 . 2014-09-11 18:17 28672 ----a-r- c:\users\Rivaldi\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2014-09-10 04:57 . 2014-02-06 04:36 16672 ----a-w- c:\windows\system32\drivers\AppleMNT.sys
2014-09-10 04:57 . 2014-02-06 04:36 72992 ----a-w- c:\windows\system32\drivers\AppleHFS.sys
2014-09-10 00:27 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2014-09-10 00:27 . 2013-09-24 14:51 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2014-09-10 00:27 . 2013-12-06 22:04 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-10 00:27 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-10 00:27 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-10 00:27 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-10 00:27 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-10 00:27 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-10 00:27 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-10 00:27 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-10 00:27 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe
2014-09-10 00:27 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-10 00:27 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-10 00:27 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-10 00:27 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-10 00:27 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll
2014-09-10 00:27 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-10 00:27 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-10 00:27 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-09-10 00:27 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-09-10 00:27 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-10 00:27 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-10 00:27 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-10 00:27 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-10 00:27 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-10 00:27 . 2013-12-06 22:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-10 00:27 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-10 00:27 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-10 00:27 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-10 00:27 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-09-10 00:27 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-09-10 00:27 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-09-10 00:27 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-09-10 00:27 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-10 00:27 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-10 00:27 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-10 00:27 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-10 00:27 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-10 00:27 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-10 00:27 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-10 00:27 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-10 00:27 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-10 00:27 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-10 00:27 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-10 00:27 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-10 00:27 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-10 00:27 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-10 00:27 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-10 00:27 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-10 00:27 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-10 00:27 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-10 00:27 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-10 00:27 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-10 00:27 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-10 00:27 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-10 00:27 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-10 00:27 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-10 00:27 . 2013-04-10 15:34 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2014-09-10 00:27 . 2013-04-10 15:34 332800 ----a-w- c:\windows\system32\ATIODE.exe
2014-09-10 00:27 . 2013-04-10 15:34 118784 ----a-w- c:\windows\system32\atibtmon.exe
2014-09-10 00:27 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2014-09-10 00:27 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-09-10 00:27 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-10 00:27 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll
2014-09-10 00:27 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-09-09 15:05 . 2014-09-09 15:05 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-09-09 15:01 . 2014-09-09 15:01 22280 ----a-w- c:\windows\SysWow64\drivers\AsrDrv101.sys
2014-08-30 13:36 . 2014-08-30 13:36 78336 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll
2014-08-25 03:44 . 2014-08-25 03:44 895488 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2014-08-23 02:07 . 2014-09-10 01:06 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-10 01:06 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-09-10 01:06 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-21 03:37 . 2014-08-21 03:37 40104 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2014-08-21 03:37 . 2014-08-21 03:37 156328 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-08-13 11:28 . 2014-08-13 11:28 356864 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2014-08-07 09:53 . 2014-08-07 09:53 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-08-07 09:53 . 2014-08-07 09:53 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2014-08-07 09:53 . 2014-08-07 09:53 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2014-08-01 11:53 . 2014-09-10 01:04 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 01:04 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-24 18:35 . 2014-07-24 18:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 15:47 . 2014-07-24 15:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-12-06 389120]
"GarenaPlus"="f:\program files\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"HFS Activator"="c:\program files (x86)\Paragon Software\HFS+ for Windows 10.0\activation\hfsactivator.exe" [2013-01-16 245456]
"Corsair K95"="c:\program files (x86)\Corsair\K95 Keyboard\K95Hid.exe" [2013-06-26 1785856]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-09-22 2711576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 ASRockIOMon;ASRock IO Monitor Service;c:\program files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe;c:\program files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleHFS;AppleHFS; [x]
R3 AsrHidFilter;AsrHidFilter;c:\windows\system32\DRIVERS\AsrHidFilter.sys;c:\windows\SYSNATIVE\DRIVERS\AsrHidFilter.sys [x]
R3 AsrSetupDrv;AsrSetupDrv;c:\windows\SysWOW64\Drivers\AsrSetupDrv.sys;c:\windows\SysWOW64\Drivers\AsrSetupDrv.sys [x]
R3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys;c:\windows\SYSNATIVE\DRIVERS\asvpndrv.sys [x]
R3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplus.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys;c:\windows\SYSNATIVE\DRIVERS\apmwin.sys [x]
S0 AppleMNT;AppleMNT; [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys;c:\windows\SYSNATIVE\DRIVERS\gpt_loader.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys;c:\windows\SYSNATIVE\DRIVERS\mounthlp.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplusrec.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]
S2 OD;Orbweb ME Process;c:\program files (x86)\Kloudian\Orbweb Me\process.exe;c:\program files (x86)\Kloudian\Orbweb Me\process.exe [x]
S2 OM;Orbweb ME;c:\program files (x86)\Kloudian\Orbweb Me\core.exe;c:\program files (x86)\Kloudian\Orbweb Me\core.exe [x]
S2 OU;Orbweb Update;c:\program files (x86)\Kloudian\Orbweb Me\update\update.exe;c:\program files (x86)\Kloudian\Orbweb Me\update\update.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SVCM;Application Publishing Service APS;c:\program files (x86)\kloudian\svcmain.exe;c:\program files (x86)\kloudian\svcmain.exe [x]
S2 VPNUnlimitedService;VPN Unlimited Service;c:\program files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe??????N;c:\program files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe??????N [x]
S3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys;c:\windows\SYSNATIVE\DRIVERS\arusb_lhx.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AsrDrv101;AsrDrv101;c:\windows\SysWOW64\Drivers\AsrDrv101.sys;c:\windows\SysWOW64\Drivers\AsrDrv101.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]
S3 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]
S3 CORK95;Corsair K95 Gaming Keyboard;c:\windows\system32\drivers\CORK95.sys;c:\windows\SYSNATIVE\drivers\CORK95.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141010.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20141010.001\IDSvia64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 04:30 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09 15:01]
.
2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09 15:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-26 13636824]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-04-03 5860656]
"Gesture"="c:\program files (x86)\Kloudian\Orbweb Me\cconsole-7.exe" [2014-10-09 11776]
"apmwinapp"="c:\program files (x86)\Paragon Software\HFS+ for Windows 10.0\apmwinsrv.exe" [2013-01-16 66768]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2183377673-1844674717-3060137607-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,86,aa,6f,57,13,5a,75,a7,c3,23,11,b9,05,ca,26,4e,c7,72,51, 7e,
50,ce,6e,08,ce,45,4c,54,3c,d6,7f,14,26,7a,b8,6d,ea,2f,d5,59,d6,0a,50,ec,58, \
"rkeysecu"=hex:8b,a4,13,c7,15,9c,a6,de,a1,c4,08,63,4d,50,f1,43
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-15 17:54:06
ComboFix-quarantined-files.txt 2014-10-15 09:54
ComboFix2.txt 2014-10-15 09:41
ComboFix3.txt 2014-10-15 09:22
.
Pre-Run: 71,267,938,304 bytes free
Post-Run: 71,203,610,624 bytes free
.
- - End Of File - - 61325A98FD0843319C32D20D70303EAB
A36C5E4F47E84449FF07ED3517B43A31

Problems with Firefox

OS is Windows 7, 64-bit. Browser is Firefox (v 33.0). Symptoms - broken image icon to my photos uploaded to a certain Website (I can see other people's but not my own) and when I open Firefox, in a few seconds it re-loads. Attached is a screen shot of my system components using Speccy. I've tried the browser in its OWN safe mode and resetting it, but the problem persists. I also ran an OTL scan. Does anything look suspicious?


OTL logfile created on: 10/15/2014 7:42:40 AM - Run 8
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Owner\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.23% Memory free
5.98 Gb Paging File | 4.68 Gb Available in Paging File | 78.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 929.56 Gb Total Space | 748.77 Gb Free Space | 80.55% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.75 Gb Free Space | 89.72% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/25 07:11:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2012/07/20 15:32:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe


========== Modules (No Company Name) ==========

MOD - [2014/09/25 07:10:48 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/25 06:58:33 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 03:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 D4 5F 2D 44 D1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/25 07:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/12 11:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/10/08 05:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967\extensions
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/09/25 07:10:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/09/25 07:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 07:11:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/07/05 11:08:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/15 06:29:17 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 06:29:17 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 06:29:17 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 06:29:17 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 06:29:16 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 06:29:16 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 06:29:02 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/15 06:29:02 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/15 06:29:02 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/15 06:29:01 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/15 06:28:58 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/15 06:28:56 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/15 06:28:55 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/15 06:28:55 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/15 06:28:54 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/15 06:28:54 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/15 06:28:51 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/15 06:28:50 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/15 06:28:50 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/15 06:28:50 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/15 06:28:49 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/15 06:28:49 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/15 06:28:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/15 06:28:49 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/15 06:28:48 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/15 06:28:48 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/15 06:28:47 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/15 06:28:47 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/15 06:28:47 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/15 06:28:47 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/15 06:28:47 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/15 06:28:46 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/15 06:28:46 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/15 06:28:45 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

Attached Images
File Type: jpg Speccy.jpg (85.3 KB)

How to get files from pendrive?

Hi

I have 10 GB of files on my pendrive, but I am not able to see them; those files are invisible. I changed the folder option, but they are still invisible. How can I get my files back? Can anyone please help me get my files back?

Regards
Binoy

HiJack this query

First off, thanks for letting me join, great site!!! :) I'm just wondering if someone can help... I'm new to this software, 'HijackThis'. Can someone help find anything on this list that's a little suspect!? :) Thanks, Lee

Attached Files
File Type: log hijackthis.log (11.3 KB)

sjstny browser hijack removal

pattycakes87,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

utorrent

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------------------
Suggest Replacing Advanced System Care with MS Security Essentials.
IoBit has a checkered past, at best.
You might want to read here and any associated links and decide for yourself.
https://forums.malwarebytes.org/inde...ft-conclusion/
I would suggest you uninstall Advanced System Care and then install the free MS Security Essentials from here.
http://windows.microsoft.com/en-us/w...tials-download
It's your call.

You can also Uninstall IoBits' SmartDefrag, and then install MyDefrag from Here:
http://www.mydefrag.com/
That would get rid of all items from that company and give you equivalent or superior results.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right Click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected...
    • Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be unchecked/ignored) and then choose reboot.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127

Linkbucks Browser Hijacker

My laptop was infected with the Linkbucks browser hijacker, which randomly redirects Google search results and webpages to a Linkbucks ad page. It happens randomly and only rarely; sometimes I can open pages just fine, to the point that I thought the removal process was successful just before the hijacker returns.

This happened once before and I managed to solve it by using ADWCleaner, MBAM and HitmanPro. This time, however, the hijacker remains even after completing the whole process 2-3 times. Multiple scans with HitmanPro returned clean results and Avast didn't help at all.

I've also tried removing it manually (by locating infected registry associated with linkbucks) to no avail.

I've tried the steps listed here: http://forums.techguy.org/virus-othe...-hijacker.html

from ADWCleaner into MBAM into ComboFix; it's still there.

Any help or suggestion is very much appreciated; I'd rather not clean install everything.

EDIT: if it's of any importance, the virus redirects me to www.any.gs/ARCvC/url/

My system information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8077 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 204899 MB, Free - 134359 MB; D: Total - 407901 MB, Free - 291838 MB; E: Total - 102499 MB, Free - 90787 MB; G: Total - 953868 MB, Free - 748809 MB;
Motherboard: ASUSTeK COMPUTER INC., K46CM
Antivirus: Avira Desktop, Updated and Enabled

Audio virus playing in background

Unable to access internet via WiFi after multiple malware removals

Hi all, my friend asked me to look at his laptop as he had an error message relating to a .dll file. This error box would pop up roughly 100 hundred times during loading. I managed to get rid of some of the malware on the computer, including Greener Web. Since then the .dll error message has stopped, but I'm unable to access the internet via WiFi. Can anyone help? Cheers

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-350 Processor, AMD64 Family 20 Model 1 Stepping 0
Processor Count: 2
RAM: 3693 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
Hard Drives: C: Total - 476837 MB, Free - 428152 MB;
Motherboard: PEGATRON CORPORATION, TKBSB
Antivirus: Microsoft Security Essentials, Updated and Enabled

My data files have been hacked and encrypted

Welcome to TSG.

It is called Ransomware. There is not much we can do to decrypt these files. Many experts are working on a solution.

Download the IdTool from here. Run the tool and post its report.

Virus? "kccococ"

Hello. First:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 3554 Mb
Graphics Card: AMD Radeon HD 7640G, 512 Mb
Hard Drives: C: Total - 584104 MB, Free - 420422 MB; D: Total - 25135 MB, Free - 3012 MB;
Motherboard: Hewlett-Packard, 1849
Antivirus: Kaspersky Internet Security, Updated and Enabled

So, my HP laptop has been slow these days. While on sites like Youtube my laptop will freeze and a prompt comes up: "Warning: Unresponsive Plugin". My choices are "Continue" or "Stop Plugin". I usually choose "Continue" and eventually I will be able to play videos. Then today I noticed when I go to the "tiles" on Windows 8.1 there's a new word near the top left corner where it says "Start". This word is "kccococ".

Now, I should also mention that my Kaspersky expired on 10/12/14 and I didn't renew it until just now, 10/16/14. In that time I did log onto my bank (yeah, I know) and many other emails, social media sites. I just ran the "Quick Scan" and that looked good. Now I am running the "Full Scan" and I'm about 7% in. My laptop is extremely slow now and I'm a bit worried.

I appreciate any input/help. Thank you in advance!

EXE problem - possibly "bootExecute" reverted

Good morning

I was redirected here from another thread I have posted on the site. After all the previous help, I was eventually told that my laptop's "bootexecute" has reverted, either due to my anti-virus program or because my laptop is, in actual fact, infected.

This was my original post:

I've never used such forums before, and I have NO innate computer knowledge, so please forgive the lengthy explanations. My laptop uses Windows 7 Home Basic, and I have an ACER Aspire One laptop - if this means anything to you.

Firstly, I noticed a few months ago that when I tried to open a folder in my photos, it said "THE FILE OF DIRECTORY IS CORRUPTED AND UNREADABLE". I have since noticed that a number of other files are following suit, including my downloaded Skype software.

I checked online and they suggest doing a chkdsk check - which I tried, but was unsuccessful with. However, I don't know if I am doing it correctly. What is going on?

I am not tech savvy, so basic English advice would be preferred please. Thank you, I look forward to hearing what you might have to suggest.....

NOW, after many many posts back and forth (this link will show the actual thread http://forums.techguy.org/windows-7/...e-problem.html), I was redirected here for additional help. I have run ALL anti-virus checks, malware checks, adware checks, etc etc etc - all of which was suggested in the thread - but nothing has helped. Instead of me rewriting everything, I beg you to look at the original posting. If there is confusion, I will, of course, rewrite it all. I was told to include the TSG sysinfo log, which is below.

Thanks in advance for any help you might assist me with.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU 967 @ 1.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 3932 Mb
Graphics Card: Intel(R) HD Graphics, 1838 Mb
Hard Drives: C: Total - 460453 MB, Free - 395475 MB;
Motherboard: Acer, Mimic
Antivirus: Microsoft Security Essentials, Updated and Enabled