DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482 BrowserJavaVersion: 10.25.2
Run by CowboyNoel at 19:00:58 on 2013-08-11
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.8087.5211 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
G:\Patzing\WinLaunch\WinLaunch.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Winamp\winampa.exe
G:\Program Files\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
G:\Program Files\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\PROGRA~2\Ad-Aware Antivirus\AdAware.exe
G:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\Patzing\WinLaunch\WinLaunch.exe
G:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
G:\Program Files (x86)\Evernote\Evernote\Evernote.exe
G:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
G:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - G:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [WinLaunch] G:\Patzing\WinLaunch\WinLaunch.exe -hide
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [666BCC75C94E73BB3716BE2E81406E515461651C._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\COWBO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - G:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\COWBO_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - G:\Program Files\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Clip Image - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8C20A387-931F-466F-BC62-416F45A66A27} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 199.193.118.246 www.google-analytics.com.
Hosts: 199.193.118.246 connect.facebook.net.
Hosts: 199.193.118.246 platform.twitter.com.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 connect.facebook.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cowbo_000\AppData\Roaming\Mozilla\Firefox\Profiles\bq1vk9c7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&CUI=UN99168832815382295&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - appbario12 Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=2&CUI=UN99168832815382295&UM=2&q=
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll
FF - plugin: C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\NPASCSafariPluginProtect.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - plugin: G:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - ExtSQL: 2013-07-31 13:31; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5
FF - ExtSQL: 2013-08-03 15:25; speedanalysis02@SpeedAnalysis.com; C:\Users\Cowbo_000\AppData\Roaming\Mozilla\Firefox\Profiles\bq1vk9c7.default\extensions\speedanalysis02@SpeedAnalysis.com
FF - ExtSQL: 2013-08-11 15:00; firefox@passwordbox.com; C:\Users\Cowbo_000\AppData\Local\PasswordBox\Firefox
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="G:\Program Files (x86)\LibreOffice 4.0\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-11 20:10:00 39504 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-08-11 20:07:14 -------- d-----w- C:\Users\Cowbo_000\AppData\Roaming\LavasoftStatistics
2013-08-11 20:00:21 -------- d-----w- C:\Program Files (x86)\PasswordBox
2013-08-11 20:00:19 -------- d-----w- C:\Users\Cowbo_000\AppData\Local\PasswordBox
2013-08-11 19:55:16 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-08-11 18:22:29 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-08-11 18:22:27 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-11 18:22:18 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-08-11 18:22:17 -------- d-----w- C:\Users\Cowbo_000\AppData\Local\adawarebp
2013-08-11 18:22:17 -------- d-----w- C:\ProgramData\blekko toolbars
2013-08-11 18:22:10 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-08-11 18:21:57 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-08-11 18:21:57 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-08-11 18:19:40 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-08-11 18:19:40 -------- d-----w- C:\Users\Cowbo_000\AppData\Roaming\Ad-Aware Antivirus
2013-08-11 02:22:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-07 03:17:02 -------- d-----w- C:\Commune
2013-08-03 20:25:53 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-08-03 20:25:52 -------- d-----w- C:\Users\Cowbo_000\AppData\Roaming\PerformerSoft
2013-08-03 20:25:52 -------- d-----w- C:\Program Files (x86)\ffdshow
2013-08-03 20:25:50 19456 ----a-w- C:\Windows\System32\roboot64.exe
2013-08-03 20:25:48 -------- d-----w- C:\Users\Cowbo_000\AppData\Roaming\File Scout
2013-08-03 20:24:26 -------- d-----w- C:\Users\Cowbo_000\AppData\Roaming\RealNetworks
2013-07-25 17:16:19 -------- d-----w- C:\Users\Cowbo_000\AppData\Local\Data
2013-07-21 14:34:05 -------- d-----w- C:\Windows\System32\kodak
2013-07-21 14:31:55 -------- d-----w- C:\Users\Cowbo_000\AppData\Local\ElevatedDiagnostics
2013-07-21 06:30:20 -------- d-----w- C:\ProgramData\StarApp
2013-07-17 02:44:53 -------- d-----w- C:\Users\Cowbo_000\AppData\Local\Adobe
.
==================== Find3M ====================
.
2013-07-31 18:31:19 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-05 02:23:38 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-05 02:23:37 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-05 02:23:37 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-05 02:23:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-05 02:23:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-05 02:23:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-17 00:54:15 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-06-17 00:54:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-05-22 23:49:32 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-05-22 23:49:32 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
.
============= FINISH: 19:01:49.25 ===============