
Thread: From the Frying Pan and Into the Fire

  1. #1
    Junior Member
    Join Date: Nov 2013
    Posts: 11


    I was referred to this forum by Tashi after some self-help efforts may have revealed more of an issue than I realized I was dealing with, and now I need some help.

    Please see my original Post #3 of my initial post for more detailed background...
    http://forums.spybot.info/showthread...ally-innocuous

    Quick synopsis:

    User of laptop was victim of a bank account "take over." Financial institution recommended running virus and malware scans. Scans were run and SBSD showed "tracks" that were rated as low threat; the Microsoft article on them suggested it was nothing to be concerned about, but I still had doubts, hence my initial post. I re-ran scans and utilized additional tools and more things were discovered - different tools were finding different things.

    Spybot scans keep showing low threat stuff, including the tracks that prompted me to make my initial post. Since that post (and running several other programs), additional concerns have arisen. One of the tools identified "PerfectKeylogger" (don't recall which one) and RogueKiller identified several registry entries that should be deleted (which I did).

    Additional tools used: MalwareBytes, AdwCleaner, Junkware Removal Tool, Rogue Killer, Sophos VRT.

    Registry entries of concern:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
    "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001

    RogueKiller seems to have eradicated the problem registry keys.

    However, Sophos identified a different threat: Mal/FakeAvCn-n

    I read Post #2 in this forum's FAQ, as suggested by Tashi, and it says to run ERUNT. However, I'm running Windows 7 and that's not listed as a supported operating system.

    What should I do next?

    Help please!

    bjmcdow

    Here are the results of DDS Log:

    Attach.txt is attached

    DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by GT_Prime at 7:33:20 on 2013-11-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1519 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\HPSIsvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com
    mStart Page = about:blank
    mDefault_Page_URL = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
    dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
    dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.77
    TCP: Interfaces\{08B580C8-DC56-4AE4-A1A3-FBD5BED64A98} : DHCPNameServer = 192.168.1.77
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154} : DHCPNameServer = 192.168.1.77
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154}\2656C6B696E6E2231663 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154}\666687C69626 : DHCPNameServer = 172.17.1.33 172.17.1.36
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154}\C474154423 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154}\C496E6B637973754874756E64656272333632373 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E0F50D66-CA50-4581-96E1-B97A75B86154}\D4858433A4 : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-12 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-12 205320]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-12 1032416]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-12 409832]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-3 89600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-12 38984]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-12 84328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-12 50344]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-6-25 338168]
    R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-6-8 697712]
    R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-6-8 646000]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-2-24 127800]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-31 13336]
    R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 350792]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-9 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-9 701512]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
    R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2012-12-26 46224]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-19 65657]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-12 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-12 1042272]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-31 2533400]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
    R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-31 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-31 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-31 271872]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-18 25928]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-12 171416]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-9-13 51712]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-12 111616]
    S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-2-24 20480]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-13 19456]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-31 349800]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-26 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-11-14 02:21:54 -------- d-----w- C:\ProgramData\Sophos
    2013-11-14 02:21:42 73728 ----a-r- C:\Users\GT_Prime\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2013-11-14 02:21:42 73728 ----a-r- C:\Users\GT_Prime\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2013-11-14 02:21:42 73728 ----a-r- C:\Users\GT_Prime\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2013-11-14 02:21:37 -------- d-----w- C:\Program Files (x86)\Sophos
    2013-11-13 20:08:57 -------- d-----w- C:\Windows\ERUNT
    2013-11-13 20:02:18 -------- d--h--w- C:\dvmexp
    2013-11-13 19:58:14 -------- d-----w- C:\AdwCleaner
    2013-11-13 19:27:22 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\Malwarebytes
    2013-11-13 14:02:00 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-11-13 14:01:58 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2013-11-13 14:01:54 243200 ----a-w- C:\Windows\System32\rdpudd.dll
    2013-11-13 14:01:54 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
    2013-11-13 14:01:54 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
    2013-11-13 14:01:53 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
    2013-11-13 14:01:32 350720 ----a-w- C:\Windows\System32\mvhlewsi.DLL
    2013-11-13 14:01:32 288768 ----a-w- C:\Windows\System32\HP1100LM.DLL
    2013-11-13 14:01:32 1696256 ----a-w- C:\Windows\System32\HP1100SM.EXE
    2013-11-13 13:54:59 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2013-11-13 13:54:59 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2013-11-13 13:54:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-11-13 13:54:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-11-13 03:11:10 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
    2013-11-13 03:04:47 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\AVAST Software
    2013-11-13 03:03:34 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-11-13 03:03:34 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-11-13 03:03:34 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-11-13 03:03:33 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-11-13 03:03:33 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-11-13 03:03:26 43152 ----a-w- C:\Windows\avastSS.scr
    2013-11-13 02:53:18 -------- d-----w- C:\Users\GT_Prime\AppData\Local\Google
    2013-11-13 02:26:56 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\MyHeritage
    2013-11-13 02:24:04 -------- d-----w- C:\Users\GT_Prime\AppData\Local\Hewlett-Packard
    2013-11-13 02:22:44 -------- d-----w- C:\Users\GT_Prime\AppData\Local\EgisTec
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\Intel Corporation
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\Intel
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\ICAClient
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Roaming\hpqLog
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Local\EgisTec IPS
    2013-11-13 02:21:55 -------- d-----w- C:\Users\GT_Prime\AppData\Local\Citrix
    2013-11-12 18:27:02 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-11-12 18:26:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-11-12 16:31:24 -------- d-----w- C:\Computer Maintenance Tools
    2013-11-12 15:25:39 250785 ----a-w- C:\ProgramData\1384269853.bdinstall.bin
    2013-11-12 15:24:01 32213 ----a-w- C:\ProgramData\1384269729.bdinstall.bin
    2013-11-12 03:03:18 -------- d-----w- C:\Program Files\File Shredder
    2013-11-11 21:43:58 556038 ----a-w- C:\ProgramData\1384205866.bdinstall.bin
    2013-11-11 21:41:53 -------- d-----w- C:\ProgramData\BDLogging
    2013-11-11 21:41:44 511328 ----a-w- C:\Windows\capicom.dll
    2013-11-11 21:29:50 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2013-11-11 21:27:49 -------- d-----w- C:\Program Files\Common Files\Bitdefender
    2013-11-11 21:27:22 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
    2013-11-11 20:34:56 -------- d-----w- C:\Program Files\iPod
    2013-11-11 20:34:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-11-11 20:34:55 -------- d-----w- C:\Program Files\iTunes
    2013-11-11 20:34:55 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-11-11 20:16:44 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-11-11 18:37:24 50215 ----a-w- C:\ProgramData\1384194970.bdinstall.bin
    2013-11-11 18:37:12 -------- d-----w- C:\ProgramData\Bitdefender
    2013-11-11 18:37:05 -------- d-----w- C:\Program Files\Bitdefender
    2013-10-19 16:11:39 -------- d-----w- C:\Program Files (x86)\Test Prep
    2013-10-18 13:09:18 -------- d-----w- C:\ProgramData\Oracle
    2013-10-18 13:08:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-09 01:59:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 01:59:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
    2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
    2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
    2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
    2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
    2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
    2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
    2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
    2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
    2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    2013-09-22 01:16:58 59164672 ----a-w- C:\Program Files (x86)\NTI Backup Now EZ.msi
    2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-09-02 15:53:33 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    .
    ============= FINISH: 7:33:55.08 ===============

    aswMBR.txt

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-11-14 07:46:09
    -----------------------------
    07:46:09.106 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:46:09.107 Number of processors: 4 586 0x2505
    07:46:09.107 ComputerName: MOMSY UserName:
    07:46:12.974 Initialize success
    07:46:14.312 AVAST engine defs: 13111302
    07:46:47.799 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    07:46:47.802 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
    07:46:47.883 Disk 0 MBR read successfully
    07:46:47.887 Disk 0 MBR scan
    07:46:47.893 Disk 0 unknown MBR code
    07:46:47.902 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    07:46:47.908 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 585948 MB offset 409600
    07:46:47.946 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 24228 MB offset 1200431104
    07:46:47.961 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
    07:46:48.098 Disk 0 scanning C:\Windows\system32\drivers
    07:47:02.472 Service scanning
    07:47:30.077 Modules scanning
    07:47:30.091 Disk 0 trace - called modules:
    07:47:30.153 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    07:47:30.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052a3060]
    07:47:30.170 3 CLASSPNP.SYS[fffff88001abb43f] -> nt!IofCallDriver -> [0xfffffa800513db10]
    07:47:30.178 5 hpdskflt.sys[fffff88001a62189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fcb050]
    07:47:31.467 AVAST engine scan C:\Windows
    07:47:34.746 AVAST engine scan C:\Windows\system32
    07:50:55.132 AVAST engine scan C:\Windows\system32\drivers
    07:51:15.415 AVAST engine scan C:\Users\GT_Prime
    07:51:54.496 AVAST engine scan C:\ProgramData
    07:57:38.741 Scan finished successfully
    07:58:34.561 Disk 0 MBR has been saved successfully to "C:\Users\GT_Prime\Desktop\MBR.dat"
    07:58:34.567 The log file has been saved successfully to "C:\Users\GT_Prime\Desktop\aswMBR.txt

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Sorry for the delay, but I am with you now.

    Wondering about this, if someone uses your laptop they could see personal info
    http://www.systemlookup.com/search.p...passmgr.exe&s=

    Nothing really bad jumping out at me, but let's be sure



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    ComboFix still detects Avast! 2014 even after disabling

    Thank you for your assistance!

    In addition to Avast! 2014 still being detected, I cannot exit from ComboFix. My only options are the "x" to close the window (which didn't work with the first notification) or to click "ok" on the warning window that says Avast! Antivirus is still running and that proceeding is at my own risk.

    Should I try rebooting?

    In a holding pattern until I hear from you

    Quote Originally Posted by ken545 View Post


    Sorry for the delay, but I am with you now.

    Wondering about this, if someone uses your laptop they could see personal info
    http://www.systemlookup.com/search.p...passmgr.exe&s=

    Nothing really bad jumping out at me, but let's be sure



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running ...If they are then Kill process on the first one and then try CF again, try Kill process on each one until CF runs

    findstr
    sed
    grep.
    nircmd.exe
    nircmd.cfexe
    swsc.cfexe
    * .. or any other process that has the .cfexe extension except for CFxxx.cfexe

    If ComboFix is still 'hung', then kill process on CFxxx.cfexe

  5. #5
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    ComboFix started running BUT

    processes show AvastUI.exe*32 is still running. It would not let me kill it. ComboFix still running, so far it's completed Stage_3

    Quote Originally Posted by ken545 View Post
    Bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running ...If they are then Kill process on the first one and then try CF again, try Kill process on each one until CF runs

    findstr
    sed
    grep.
    nircmd.exe
    nircmd.cfexe
    swsc.cfexe
    * .. or any other process that has the .cfexe extension except for CFxxx.cfexe

    If ComboFix is still 'hung', then kill process on CFxxx.cfexe

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let it run, there are over 50 stages and then a brief period where it's creating the log

  7. #7
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    ComboFix is done...

    Log file attached...

    Quote Originally Posted by ken545 View Post
    Let it run, there are over 50 stages and then a brief period where it's creating the log
    Let's just copy and paste any logs we need into the thread in lieu of attaching them, it's easier for these old eyes to see

    ComboFix 13-11-19.01 - GT_Prime 11/20/2013 13:06:57.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2259 [GMT -5:00]
    Running from: c:\users\GT_Prime\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\1384194970.bdinstall.bin
    c:\programdata\1384205866.bdinstall.bin
    c:\programdata\1384269729.bdinstall.bin
    c:\programdata\1384269853.bdinstall.bin
    c:\windows\SysWow64\TBD5C83.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-20 18:20 . 2013-11-20 18:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13213B10-BD75-4750-A9E3-6C189C769C71}\offreg.dll
    2013-11-20 03:01 . 2013-11-20 03:01 0 ----a-w- c:\windows\SysWow64\sho7B3A.tmp
    2013-11-16 03:33 . 2013-11-16 03:33 -------- d-----w- c:\users\Bethany\AppData\Local\CrashDumps
    2013-11-14 02:21 . 2013-11-14 02:22 -------- d-----w- c:\programdata\Sophos
    2013-11-14 02:21 . 2013-11-14 02:21 -------- d-----w- c:\program files (x86)\Sophos
    2013-11-13 20:08 . 2013-11-13 20:08 -------- d-----w- c:\windows\ERUNT
    2013-11-13 20:02 . 2013-11-13 20:02 -------- d-----w- C:\dvmexp
    2013-11-13 19:58 . 2013-11-16 02:48 -------- d-----w- C:\AdwCleaner
    2013-11-13 14:02 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2013-11-13 14:01 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2013-11-13 14:01 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
    2013-11-13 14:01 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
    2013-11-13 14:01 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2013-11-13 14:01 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
    2013-11-13 14:01 . 2012-08-31 20:10 350720 ----a-w- c:\windows\system32\mvhlewsi.DLL
    2013-11-13 14:01 . 2012-08-31 20:03 1696256 ----a-w- c:\windows\system32\HP1100SM.EXE
    2013-11-13 14:01 . 2012-08-31 20:03 288768 ----a-w- c:\windows\system32\HP1100LM.DLL
    2013-11-13 13:54 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
    2013-11-13 13:54 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2013-11-13 13:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-11-13 13:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-11-13 03:49 . 2013-11-13 03:49 -------- d-----w- c:\users\Bethany\AppData\Roaming\AVAST Software
    2013-11-13 03:11 . 2013-11-13 03:11 447888 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2013-11-13 03:03 . 2013-11-13 03:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-13 03:03 . 2013-11-13 03:03 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-13 03:03 . 2013-11-13 03:03 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-13 03:03 . 2013-11-13 03:03 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-13 03:03 . 2013-11-13 03:03 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-13 03:03 . 2013-11-13 03:03 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-13 03:03 . 2013-11-13 03:03 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-11-13 03:03 . 2013-11-13 03:03 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-13 03:03 . 2013-11-13 03:03 43152 ----a-w- c:\windows\avastSS.scr
    2013-11-13 02:20 . 2013-11-13 02:21 -------- d-----w- c:\users\GT_Prime
    2013-11-12 18:27 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-11-12 18:26 . 2013-11-12 18:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-11-12 16:31 . 2013-11-12 16:43 -------- d-----w- C:\Computer Maintenance Tools
    2013-11-12 05:19 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2013-11-12 03:03 . 2013-11-12 03:16 -------- d-----w- c:\program files\File Shredder
    2013-11-12 03:02 . 2013-11-12 03:02 -------- d-----w- c:\users\Bethany\AppData\Local\WhiteListing
    2013-11-12 03:02 . 2013-11-12 03:02 -------- d-----w- c:\users\Bethany\AppData\Local\NativeMessaging
    2013-11-12 03:02 . 2013-11-12 03:02 -------- d-----w- c:\users\Bethany\AppData\Local\CRE
    2013-11-11 21:41 . 2013-11-12 01:54 -------- d-----w- c:\programdata\BDLogging
    2013-11-11 21:41 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2013-11-11 21:37 . 2013-11-11 21:37 -------- d-----w- c:\users\Bethany\AppData\Roaming\QuickScan
    2013-11-11 21:29 . 2013-11-11 21:29 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2013-11-11 21:27 . 2013-11-12 15:25 -------- d-----w- c:\program files\Common Files\Bitdefender
    2013-11-11 21:27 . 2013-11-11 21:27 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
    2013-11-11 20:34 . 2013-11-11 20:34 -------- d-----w- c:\program files\iPod
    2013-11-11 20:34 . 2013-11-11 20:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-11-11 20:34 . 2013-11-11 20:35 -------- d-----w- c:\program files\iTunes
    2013-11-11 20:34 . 2013-11-11 20:35 -------- d-----w- c:\program files (x86)\iTunes
    2013-11-11 20:16 . 2013-11-11 20:16 312744 ----a-w- c:\windows\system32\javaws.exe
    2013-11-11 20:16 . 2013-11-11 20:16 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-11-11 20:16 . 2013-11-11 20:16 189352 ----a-w- c:\windows\system32\javaw.exe
    2013-11-11 20:16 . 2013-11-11 20:16 189352 ----a-w- c:\windows\system32\java.exe
    2013-11-11 20:16 . 2013-11-11 20:16 -------- d-----w- c:\program files\Java
    2013-11-11 18:37 . 2013-11-12 15:25 -------- d-----w- c:\programdata\Bitdefender
    2013-11-11 18:37 . 2013-11-12 15:26 -------- d-----w- c:\program files\Bitdefender
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-13 13:57 . 2011-05-01 22:32 82896128 ----a-w- c:\windows\system32\MRT.exe
    2013-11-13 03:03 . 2011-04-25 03:48 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-10-09 01:59 . 2012-04-18 01:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-10-09 01:59 . 2011-06-23 03:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-08 11:50 . 2013-10-18 13:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-09-22 01:16 . 2013-09-22 01:17 59164672 ----a-w- c:\program files (x86)\NTI Backup Now EZ.msi
    2013-09-08 02:30 . 2013-10-09 10:45 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:27 . 2013-10-09 10:45 327168 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-08 02:03 . 2013-10-09 10:45 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2013-09-04 12:12 . 2013-10-09 10:44 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 12:11 . 2013-10-09 10:44 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 12:11 . 2013-10-09 10:44 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 12:11 . 2013-10-09 10:44 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 12:11 . 2013-10-09 10:44 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 12:11 . 2013-10-09 10:44 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 12:11 . 2013-10-09 10:44 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-09-02 15:53 . 2012-02-25 13:03 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
    2013-08-29 02:17 . 2013-10-09 10:45 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 02:16 . 2013-10-09 10:45 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 02:16 . 2013-10-09 10:45 243712 ----a-w- c:\windows\system32\wow64.dll
    2013-08-29 02:16 . 2013-10-09 10:45 859648 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 02:13 . 2013-10-09 10:45 878080 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-29 01:51 . 2013-10-09 10:45 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51 . 2013-10-09 10:45 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50 . 2013-10-09 10:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-08-29 01:50 . 2013-10-09 10:45 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
    2013-08-29 01:50 . 2013-10-09 10:45 619520 ----a-w- c:\windows\SysWow64\tdh.dll
    2013-08-29 01:48 . 2013-10-09 10:45 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
    2013-08-29 01:48 . 2013-10-09 10:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-29 00:49 . 2013-10-09 10:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-08-29 00:49 . 2013-10-09 10:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49 . 2013-10-09 10:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-08-29 00:49 . 2013-10-09 10:44 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-08-28 01:21 . 2013-10-09 10:45 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-08-28 01:12 . 2013-10-09 10:44 461312 ----a-w- c:\windows\system32\scavengeui.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
    2013-07-23 06:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
    "VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2012-12-26 581264]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-13 3568312]
    .
    c:\users\Bethany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Family Tree Builder Update"=c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
    R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
    S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [x]
    S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
    S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
    S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-14 23:07 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:59]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 17:17]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 17:17]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500757329-1274289251-2196356054-1000Core.job
    - c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 20:56]
    .
    2013-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500757329-1274289251-2196356054-1000UA.job
    - c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 20:56]
    .
    2013-11-20 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\Communicator.exe [2012-12-20 12:01]
    .
    2013-11-20 c:\windows\Tasks\HPCeeScheduleForBethany.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-13 03:03 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-04 525312]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-09-13 324096]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mDefault_Page_URL = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.1.77
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
    Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
    Wow6432Node-HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-11-20 13:25:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-11-20 18:25
    .
    Pre-Run: 518,747,656,192 bytes free
    Post-Run: 518,106,329,088 bytes free
    .
    - - End Of File - - 480CD911E453D34D97D028AD6F9EA10E
    Last edited by ken545; 2013-11-20 at 20:46.

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Great

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    I got a redirect loop when I clicked on the link

    The window with the redirect loop message is shown below...

    Redirect Loop.PNG

    Should I click "reload"?


  10. #10
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    Using Chrome...

    should I skip steps 1 and 2 and use alternate browser instructions?

