abe10tiger
Sudden crashes, RAM hitting 100% causing my PC to become unresponsive, Firefox hangs all the time and the PC becomes so slow at random times. Yup. Any help would be great. I scanned the system with MBAM and the results showed an infection. Below are the results. Thanks!
Malwarebytes Anti-Malware Scan results:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/12/2014
Scan Time: 11:37:52 AM
Logfile: scan.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.11.14
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Abe10tiger
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352839
Time Elapsed: 20 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 2
PUP.Optional.YTDToolbar, HKU\S-1-5-21-570735593-1496461725-3492070277-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{F3FEE66E-E034-436a-86E4-9690573BEE8A}, No Action By User, [839792976912f3431adf31dfa35ffb05],
PUP.Optional.YTDToolbar, HKU\S-1-5-21-570735593-1496461725-3492070277-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{F3FEE66E-E034-436A-86E4-9690573BEE8A}, No Action By User, [839792976912f3431adf31dfa35ffb05],
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 25
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2), No Action By User,[73a7a782e49754e213f4e367d62e0bf5]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "ir_14_11_ff"), No Action By User,[0515df4a99e2f73f1aed5feb21e3cd33]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"), No Action By User,[c357f3362655e551aa5d96b4828237c9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q"), No Action By User,[bd5dc168770445f18c7b6edc56ae8e72]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "897699611"), No Action By User,[0416e940f388122456b14ffb1de7e61a]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", ""), No Action By User,[38e21811c3b890a647c01832a361b34d]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true), No Action By User,[ba6051d85d1e75c19f683a10857f1fe1]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true), No Action By User,[41d9c762186358de9374aaa09f65758b]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false), No Action By User,[51c98d9cd4a760d65daa1a30d232d62a]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true), No Action By User,[76a43cedea919f979770ba9052b24cb4]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&...tGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir="), No Action By User,[49d1f039bdbe58de1fe8a9a144c007f9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "10673511D8679641"), No Action By User,[ff1baa7fcdae16206d9ac783d72d17e9]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16145"), No Action By User,[c3573dec2952cd6957b0c08a897bb54b]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "140305_a"), No Action By User,[4dcd2dfcbbc0270faa5d0941e91b926e]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&...tGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir="), No Action By User,[0c0e0227dba0a78f54b3e763699b7e82]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial"), No Action By User,[ad6d96935a21cc6a8087bb8f3fc5f907]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"), No Action By User,[f426f83199e20e28f413fb4f0ff5e917]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"), No Action By User,[b763d059bdbe3204ec1bf95108fcf808]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base"), No Action By User,[f624e5441a611c1aaa5d77d3cd371ee2]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&...CyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=&q="), No Action By User,[72a80d1c126974c2d0378fbbde263dc3]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0"), No Action By User,[ec2e6cbdc4b7d16518ef54f608fc2cd4]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0"), No Action By User,[08124edbc2b9072f8f784505788cd030]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false), No Action By User,[ea30d356cab1e4521fe899b1798b8d73]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none"), No Action By User,[8b8f9c8d5526ea4c8b7c19316a9a4ab6]
PUP.Optional.MySearchDial.A, C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.015:28:16"), No Action By User,[70aa56d397e473c3f413ba90996b37c9]
Physical Sectors: 0
(No malicious items detected)
(end)
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Abe10tiger at 13:37:58 on 2014-04-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.63.1033.18.2047.684 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files\idt\wdm\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
mDefault_Search_URL = hxxp://www.google.com
uURLSearchHooks: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock: {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - LocalServer32 - <no file>
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Abe10tiger\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [dzleyclwdn] wscript.exe //B "C:\Users\Abe10tiger\AppData\Roaming\dzleyclwdn.vbs"
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PaperPort PTD] c:\program files (x86)\scansoft\paperport\pptd40nt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti Keylogger Virtual Keyboard ] "C:\Program Files (x86)\Anti Keylogger Virtual Keyboard\keyboard.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Abe10tiger\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dzleyclwdn.vbs
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\ABE10T~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA42F348-BB24-4AB2-92AC-B21630D0F7AF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} -
x64-Run: [PaperPort PTD] c:\program files (x86)\scansoft\paperport\pptd40nt.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\NPRobloxProxy.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Abe10tiger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.irmysearch.aflt - ir_14_11_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 897699611
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=&q=
FF - user.js: extensions.mysearchdial.id - 10673511D8679641
FF - user.js: extensions.mysearchdial.instlDay - 16145
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:28:16
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_11_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 897699611
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-11-5 54848]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-31 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-6 270912]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-3-16 881952]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-5 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-5 440400]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-11-5 1017424]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-3-17 807800]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-31 108440]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-12 857912]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-28 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-28 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-28 411936]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-8-5 115312]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2012-10-25 222904]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-12 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-12 63192]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-28 39200]
R3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-10-13 17160]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ProtectMonitor;Protect Monitor;C:\Program Files (x86)\PCData\StartHelp.exe [2014-3-13 90680]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-9-1 2503504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-21 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-8-7 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-12 19:25:36 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-12 19:24:38 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-12 19:24:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-12 19:24:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 18:39:04 -------- d-----w- C:\Crash
2014-04-05 12:39:18 154 ----a-w- C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
2014-04-05 12:31:27 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\SCE
2014-04-03 19:52:06 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\UWebKit
2014-04-03 19:51:51 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\.mono
2014-03-28 17:43:15 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-28 16:56:12 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\NVIDIA Corporation
2014-03-28 16:54:52 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-28 16:54:51 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-03-28 16:52:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-28 16:52:09 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-28 16:52:09 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-22 15:15:07 -------- d-----w- C:\Program Files (x86)\Application Updater
2014-03-22 15:15:06 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2014-03-21 21:04:24 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-21 21:04:24 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-21 05:02:15 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-03-21 04:40:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-21 04:40:34 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-21 04:40:34 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-21 04:40:34 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-21 04:16:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-03-21 04:12:12 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-03-21 04:10:51 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-03-21 04:10:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-03-21 04:10:51 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-03-21 04:05:17 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-03-21 04:05:17 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-03-18 04:18:50 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-03-18 04:18:50 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-03-18 04:17:48 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-18 04:17:48 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-18 04:17:47 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-03-18 04:17:47 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-03-18 04:17:47 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-03-18 04:17:47 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-03-18 04:17:33 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-03-18 04:17:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-03-18 04:17:03 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-03-18 04:17:02 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-03-18 04:17:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-03-18 04:17:02 111448 ----a-w- C:\Windows\System32\consent.exe
2014-03-18 04:14:29 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-03-18 04:07:33 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-03-18 04:06:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-18 04:05:52 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-03-18 04:05:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-03-18 04:05:50 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-03-18 04:05:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-03-18 04:05:34 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-03-18 04:05:34 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-03-18 04:05:28 109824 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2014-03-18 04:05:28 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-03-18 04:05:26 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-18 04:05:25 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-18 04:05:06 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-03-18 04:05:06 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-03-18 03:54:48 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-03-18 03:54:48 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-03-18 03:49:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-03-18 03:49:52 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-03-18 03:38:09 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:38:09 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-03-18 03:38:09 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-03-18 03:38:09 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-03-18 03:38:09 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:37:58 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:58 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:56 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-03-18 03:37:56 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-18 03:33:25 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-03-18 03:33:25 136704 ----a-w- C:\Windows\System32\browser.dll
2014-03-18 03:33:24 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-03-18 03:33:12 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-03-18 03:33:11 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-03-18 03:33:11 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-03-18 03:33:11 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-03-18 03:32:31 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-03-18 03:32:31 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-03-18 03:32:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-03-18 03:32:31 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-03-18 03:32:31 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-03-18 03:32:31 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-03-18 03:32:31 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-03-18 03:32:31 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-03-18 03:32:27 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-03-18 03:32:18 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-03-18 03:32:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-03-18 03:32:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-03-18 03:26:32 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-03-18 03:26:32 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-03-18 03:26:32 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-03-18 03:26:32 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-03-18 03:26:32 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-16 22:53:34 -------- d-----w- C:\IObit
2014-03-16 15:43:35 -------- d-----w- C:\ProgramData\ProductData
2014-03-16 15:43:30 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-16 15:35:00 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-03-16 05:18:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-16 04:25:59 -------- d-----w- C:\s
2014-03-16 04:25:31 -------- d-----w- C:\Program Files (x86)\PCData
2014-03-16 04:25:07 -------- d-----w- C:\Users\Abe10tiger\.android
2014-03-16 04:25:05 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\cache
2014-03-16 04:25:01 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\Mobogenie
2014-03-16 04:24:25 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\SupTab
2014-03-16 04:24:22 -------- d-----w- C:\ProgramData\WPM
2014-03-16 04:23:30 -------- d-----w- C:\Program Files (x86)\DoubleOptMedia
2014-03-16 04:22:00 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\22980
.
==================== Find3M ====================
.
2014-04-12 19:09:49 151552 ----a-w- C:\Windows\KMSEmulator.exe
2014-04-11 16:14:20 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 16:14:20 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 16:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-21 04:12:12 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-21 04:09:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-04 14:35:23 9728064 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-17 20:41:24 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-31 09:04:35 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-01-31 09:04:35 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-24 01:40:18 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-01-18 00:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 13:39:35.60 ===============
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9BE9BD0A-3CC7-4B61-95AC-5A4E271B7ED7}\05C44445D4974435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA42F348-BB24-4AB2-92AC-B21630D0F7AF} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394943817&from=amt&uid=HitachiXHDS721010CLA332_JP6911HZ1XUEEF1XUEEFX&q={searchTerms}
x64-BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} -
x64-Run: [PaperPort PTD] c:\program files (x86)\scansoft\paperport\pptd40nt.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Abe10tiger\AppData\Roaming\Mozilla\Firefox\Profiles\g5qnsbjg.default-1394945989340\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\NPRobloxProxy.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Abe10tiger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Abe10tiger\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.irmysearch.aflt - ir_14_11_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 897699611
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q&cr=897699611&ir=&q=
FF - user.js: extensions.mysearchdial.id - 10673511D8679641
FF - user.js: extensions.mysearchdial.instlDay - 16145
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:28:16
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_11_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 897699611
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutCtDyCyBtAyDtCtC0DzzyCyBzyyCyEtCtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0A0ByD0FyBtByBtGtA0CyByEtG0A0D0FzytGyDyDtB0FtGyByBtByCtB0B0B0CzyzzyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0DyDyB0AtAzztAtG0EyCyDyEtGtDtD0C0CtG0B0Czy0AtGtCyCyEyEzz0A0C0A0EtByByD2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-11-5 54848]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-31 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-6 270912]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-3-16 881952]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-5 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-11-5 440400]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-11-5 1017424]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2014-3-17 807800]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-31 108440]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-12 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-12 857912]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-28 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-28 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-28 411936]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-8-5 115312]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2012-10-25 222904]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-12 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-12 63192]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-28 39200]
R3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-10-13 17160]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ProtectMonitor;Protect Monitor;C:\Program Files (x86)\PCData\StartHelp.exe [2014-3-13 90680]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-9-1 2503504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-21 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-8-7 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-12 19:25:36 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-12 19:24:38 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-12 19:24:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-12 19:24:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 18:39:04 -------- d-----w- C:\Crash
2014-04-05 12:39:18 154 ----a-w- C:\Users\Abe10tiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.bat
2014-04-05 12:31:27 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\SCE
2014-04-03 19:52:06 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\UWebKit
2014-04-03 19:51:51 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\.mono
2014-03-28 17:43:15 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-28 16:56:12 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\NVIDIA Corporation
2014-03-28 16:54:52 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-28 16:54:51 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-03-28 16:52:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-28 16:52:09 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-28 16:52:09 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-22 15:15:07 -------- d-----w- C:\Program Files (x86)\Application Updater
2014-03-22 15:15:06 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2014-03-21 21:04:24 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-21 21:04:24 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-21 05:02:15 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-03-21 04:40:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-03-21 04:40:34 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-03-21 04:40:34 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-03-21 04:40:34 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-03-21 04:16:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-03-21 04:12:12 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-03-21 04:10:51 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-03-21 04:10:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-03-21 04:10:51 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-03-21 04:05:17 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-03-21 04:05:17 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-03-18 04:18:50 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-03-18 04:18:50 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-03-18 04:17:48 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-18 04:17:48 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-18 04:17:47 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-03-18 04:17:47 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-03-18 04:17:47 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-03-18 04:17:47 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-03-18 04:17:33 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-03-18 04:17:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-03-18 04:17:03 1930752 ----a-w- C:\Windows\System32\authui.dll
2014-03-18 04:17:02 70144 ----a-w- C:\Windows\System32\appinfo.dll
2014-03-18 04:17:02 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2014-03-18 04:17:02 111448 ----a-w- C:\Windows\System32\consent.exe
2014-03-18 04:14:29 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-03-18 04:07:33 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-03-18 04:06:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-18 04:05:52 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-03-18 04:05:50 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-03-18 04:05:50 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2014-03-18 04:05:50 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-03-18 04:05:34 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-03-18 04:05:34 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-03-18 04:05:28 109824 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2014-03-18 04:05:28 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2014-03-18 04:05:26 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-18 04:05:25 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-18 04:05:06 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-03-18 04:05:06 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-03-18 03:54:48 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-03-18 03:54:48 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-03-18 03:49:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-03-18 03:49:52 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-03-18 03:38:09 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:38:09 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-03-18 03:38:09 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-03-18 03:38:09 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-03-18 03:38:09 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-03-18 03:37:58 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:58 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 03:37:56 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-03-18 03:37:56 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-18 03:33:25 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-03-18 03:33:25 136704 ----a-w- C:\Windows\System32\browser.dll
2014-03-18 03:33:24 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-03-18 03:33:12 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-03-18 03:33:11 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-03-18 03:33:11 52224 ----a-w- C:\Windows\System32\certenc.dll
2014-03-18 03:33:11 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2014-03-18 03:32:31 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-03-18 03:32:31 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-03-18 03:32:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-03-18 03:32:31 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-03-18 03:32:31 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-03-18 03:32:31 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-03-18 03:32:31 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-03-18 03:32:31 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-03-18 03:32:27 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-03-18 03:32:18 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-03-18 03:32:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-03-18 03:32:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-03-18 03:26:32 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-03-18 03:26:32 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-03-18 03:26:32 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-03-18 03:26:32 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-03-18 03:26:32 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-03-16 22:53:34 -------- d-----w- C:\IObit
2014-03-16 15:43:35 -------- d-----w- C:\ProgramData\ProductData
2014-03-16 15:43:30 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-16 15:35:00 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2014-03-16 05:18:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-16 04:25:59 -------- d-----w- C:\s
2014-03-16 04:25:31 -------- d-----w- C:\Program Files (x86)\PCData
2014-03-16 04:25:07 -------- d-----w- C:\Users\Abe10tiger\.android
2014-03-16 04:25:05 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\cache
2014-03-16 04:25:01 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\Mobogenie
2014-03-16 04:24:25 -------- d-----w- C:\Users\Abe10tiger\AppData\Roaming\SupTab
2014-03-16 04:24:22 -------- d-----w- C:\ProgramData\WPM
2014-03-16 04:23:30 -------- d-----w- C:\Program Files (x86)\DoubleOptMedia
2014-03-16 04:22:00 -------- d-----w- C:\Users\Abe10tiger\AppData\Local\22980
.
==================== Find3M ====================
.
2014-04-12 19:09:49 151552 ----a-w- C:\Windows\KMSEmulator.exe
2014-04-11 16:14:20 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 16:14:20 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 16:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-21 04:12:12 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-21 04:09:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-04 14:35:23 9728064 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-17 20:41:24 27456 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-31 09:04:35 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-01-31 09:04:35 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-24 01:40:18 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-01-18 00:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 13:39:35.60 ===============