-
November 13th, 2014, 12:46 PM
#1
[RESOLVED] Major computer problem help please.
Hi,
Problem
1 - My C: drive is always near full. I've noticed lately without doing anything that if I refresh the window that shows how much space I have left it is continuously going down and down.
2 - vafmusic8 toolbar won't delete from the control panel uninstall program.
3 - Flashplayerpluggin_15_0_0223.exe causes Firefox to freeze and stop working. Actually happening on my desktop computer AND my laptop.
Please help me figure this one out!
I have tried:
SUPERAntiSpyware program
AVAST
McAfee virus scan
CCleaner
Any help would be greatly appreciated!!!
-
November 13th, 2014, 12:57 PM
#2
Welcome to VirtualDr. Please read this sticky at the top of the forum and copy/paste the scanner's log files below.
http://discussions.virtualdr.com/sho...ated-4-1-2014)
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
November 13th, 2014, 03:06 PM
#3
Please read the forum rules carefully.
http://discussions.virtualdr.com/sho...ed-4-1-2014%29
Make sure all logs are pasted not attached. Attached logs won't be reviewed.
Don't attach files. As fink said, COPY/PASTE the log text into the forum posts.
-
November 13th, 2014, 03:17 PM
#4
Sorry.
Having trouble copying the log or even seeing it. I followed the instructions...all I get in the text file is: Malwarebytes Anti-Malware
www.malwarebytes.org
Vafmusic8 was deleted so that is good news.
Malwarebytes Anti-Malware
www.malwarebytes.org
but here is Daily protection log:
-
November 13th, 2014, 03:32 PM
#5
That's the wrong MBAM log.
How to get logs:
(Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
-
November 13th, 2014, 10:34 PM
#6
Originally Posted by Midknyte
That's the wrong MBAM log.
I did follow these instructions and it didn't work.
Ran the scan again and got ONE harmful bug...and then followed the instructions again and it worked.
So I have nothing to show of all the things it removed.
Anyone know how to fix the Flash Player plugin problem?
-
November 13th, 2014, 11:26 PM
#7
Please review the steps carefully. It works if you are using MBAM 2.x.
You should make sure your system is clean first. It sounds like you have an infection that is messing up Flash.
-
November 20th, 2014, 12:55 AM
#8
I have reopened this thread. Pls let us know if you are going to leave it without posting for an extended period of time.
-
November 20th, 2014, 03:25 PM
#9
Originally Posted by fink
I have reopened this thread. Pls let us know if you are going to leave it without posting for an extended period of time.
Malware keeps popping up with svcHost.exe...
I've run all the tests...
Can Broni advise me on what to do now, please? I have run malware a few times... please advise me what I need to do next. Thanks. I've attached logs and pasted below:
pasted:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 13/11/2014
Scan Time: 6:35:57 PM
Logfile:
Administrator: Yes
Version: 0.00.0.0000
Malware Database: v2014.11.13.11
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dave
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364601
Time Elapsed: 1 hr, 9 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.CrossRider.A, C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\2bei1s5g.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14157d1cfae6198dc296a6a5a74fb206"), Replaced,[dc7079c2e19ba98d87ff2d5033d241bf]
Physical Sectors: 0
(No malicious items detected)
(end)
-
November 20th, 2014, 06:37 PM
#10
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==============================
I still need DDS logs.
-
November 20th, 2014, 07:06 PM
#11
Also, please stop creating multiple topics regarding the same computer.
Stay right here in this topic.
I'll close two other topics.
-
November 21st, 2014, 12:46 PM
#12
What logs did I give you above? Can you please paste me your instructions you want me to read carefully? Or are you referring to what's below? I read them. Shame I ran 4 tests at the same time! Won't do that again.
Sorry that I'm confused... need you to tell me where I get DDS logs if it isn't in malware/history/APPLogs/double click scan log
Originally Posted by Broni
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==============================
I still need DDS logs.
-
November 21st, 2014, 04:12 PM
#13
I'm thinking of doing a reformat of desktop and laptop computer...
For some reason on the computer we are talking about I can't access my router now after typing in 192.168.1.1
FED UP
-
November 21st, 2014, 06:59 PM
#14
You were informed at the very beginning of this topic and actually informed twice what to do.
Complete all steps from here: http://discussions.virtualdr.com/sho...ed-4-1-2014%29
I'm not sure why it's so hard to understand.
-
November 21st, 2014, 08:35 PM
#15
Originally Posted by Broni
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by Dave at 19:18:13 on 2014-11-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3046.1308 [GMT -5:00]
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-23 01:57:07 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-09-23 01:57:07 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-09-23 01:57:07 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-23 01:57:07 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-09-23 01:57:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-09-23 01:57:07 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-09-23 01:57:07 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-09-23 01:57:07 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
.
============= FINISH: 19:33:07.36 ===============