DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.31.2
Run by Jack at 0:57:35 on 2015-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.2718 [GMT 0:00]
.
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Workrave\lib\Workrave.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Workrave\lib\WorkraveHelper.exe
C:\Program Files (x86)\Workrave\lib\dbus-daemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\StrongVPN\StrongService.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCam6.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Jack\AppData\Local\Temp\Rar$EXa0.712\TC_Bot_testSJ34 (BETA build 2).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.startpage.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [Workrave] C:\Program Files (x86)\Workrave\lib\workrave.exe
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [Kepard] "C:\Program Files (x86)\Kepard\Kepard.exe" tray
mRun: [DelaypluginInstall] C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
mRun: [YouCam Service6] "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
StartupFolder: C:\Users\Jack\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/ ... 5392713111
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\348494D494348414E47414 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\4514C4B44514C4B4D2836493431443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\8416272796370284F6F6C6560275946494 : DHCPNameServer = 172.16.1.1 8.8.8.8
TCP: Interfaces\{1FBE5756-A064-4A5D-B964-3A9BDE9F1787}\D4163747562734865666 : DHCPNameServer = 192.168.1.254
Handler: WSISAllmytubechrome - <Clsid value has no data>
SSODL: WebCheck - <orphaned>
SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: WSISAllmytubechrome - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\7oel8un7.default-1421108389249\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Users\Jack\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2014-9-18 63160]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\bin\a2ddax64.sys [2014-9-18 26176]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2014-8-18 243440]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2014-8-18 44632]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2014-5-9 13824]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-1 1349576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 969016]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2014-5-5 88720]
R2 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2014-11-6 101560]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-1 4799760]
R3 clwvd6;CyberLink WebCam Virtual Driver 6.0 Service;C:\Windows\System32\drivers\clwvd6.sys [2014-11-3 41704]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2008-3-4 36432]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-14 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-14 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-14 425064]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-10-14 185352]
R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\drivers\tapstrong.sys [2014-11-6 38760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 PORTMON;PORTMON;C:\Users\Jack\Documents\System Analayses\PORTMSYS.SYS [2014-7-29 28656]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-8-5 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-7 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-12-29 31800]
S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2014-5-6 39104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-7 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-9 1255736]
S4 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-9-18 57024]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2015-01-27 22:15:51 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2015-01-27 20:31:18 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-21 20:50:51 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:50:51 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-21 20:50:25 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:50:25 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-21 20:48:38 -------- d-----w- C:\Windows\System32\RsFx
2015-01-21 20:36:35 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2015-01-21 20:32:37 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2015-01-20 01:17:40 -------- d-----w- C:\Users\Jack\VirtualBox VMs
2015-01-20 01:12:41 -------- d-----w- C:\Users\Jack\.VirtualBox
2015-01-20 01:11:29 916024 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2015-01-20 01:11:21 128080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2015-01-18 22:08:12 -------- d-----w- C:\Users\Jack\AppData\Local\.distlib
2015-01-16 01:47:08 -------- d-----w- C:\Users\Jack\AppData\Roaming\TS3Client
2015-01-16 01:45:58 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2015-01-16 01:00:25 -------- d-----w- C:\Users\Jack\AppData\Roaming\Linphone
2015-01-16 01:00:09 -------- d-----w- C:\Program Files (x86)\Linphone
2015-01-15 00:27:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 03:03:21 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-14 03:01:24 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-14 03:01:24 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-14 03:01:24 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-14 02:59:24 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-14 02:57:26 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-14 02:57:01 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 02:57:01 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 02:57:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 02:57:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 02:57:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-14 02:57:00 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 02:57:00 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-13 23:41:30 -------- d-----w- C:\Program Files\TAP-Windows
2015-01-13 23:41:28 -------- d-----w- C:\Program Files\OpenVPN
2015-01-13 23:28:57 -------- d-----w- C:\Program Files (x86)\OpenVPN
2015-01-13 22:48:51 -------- d-----w- C:\ProgramData\purevpn
2015-01-13 22:48:45 -------- d-----w- C:\Program Files (x86)\PureVPN
2015-01-12 23:54:03 -------- d-----w- C:\Users\Jack\AppData\Roaming\Wireshark
2015-01-12 23:18:35 -------- d-----w- C:\Program Files (x86)\WinPcap
2015-01-12 23:18:09 -------- d-----w- C:\Program Files\Wireshark
2015-01-08 07:20:01 -------- d-----w- C:\ProgramData\Gyazo
2015-01-06 16:29:29 -------- d-----w- C:\Users\Jack\AppData\Local\Apple Computer
2015-01-06 16:28:45 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-01-06 16:27:21 -------- d-----w- C:\Program Files\iPod
2015-01-06 16:27:17 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-06 16:27:17 -------- d-----w- C:\Program Files\iTunes
2015-01-06 16:27:17 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2015-01-30 23:44:23 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-25 00:09:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 00:09:24 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 12:07:02 141440 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-11-24 12:06:10 204264 ------w- C:\Windows\System32\VBoxNetFltNobj.dll
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 06:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 06:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 06:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-10 20:13:14 875472 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2014-11-10 20:13:14 535008 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2014-11-10 20:13:14 252400 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 0:59:28.06 ===============
Attach.txt Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/05/2014 14:45:14
System Uptime: 30/01/2015 15:29:27 (9 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV420/RV520/RV720/E3530/S3530/E3420/E3520
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 693 GiB total, 559.877 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: CSN5PDTS82x64 NDIS Protocol Driver
Device ID: ROOT\LEGACY_CSN5PDTS82X64\0000
Manufacturer:
Name: CSN5PDTS82x64 NDIS Protocol Driver
PNP Device ID: ROOT\LEGACY_CSN5PDTS82X64\0000
Service: CSN5PDTS82x64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Capsax64Drv0 NDIS Protocol Driver
Device ID: ROOT\LEGACY_CAPSAX64DRV0\0000
Manufacturer:
Name: Capsax64Drv0 NDIS Protocol Driver
PNP Device ID: ROOT\LEGACY_CAPSAX64DRV0\0000
Service: Capsax64Drv0
.
==== System Restore Points ===================
.
RP294: 21/01/2015 21:42:25 - End of disinfection
RP295: 23/01/2015 01:50:48 - Windows Update
RP296: 27/01/2015 22:17:07 - Revo Uninstaller's restore point - Search App by Ask
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Amazon Kindle
Blueline 1.1.1
Broadcom Wireless Utility
calibre
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam 6
Dropbox
Enforcer: Police Crime Action
ESET Smart Security
Everything 1.2.1.371
GameSalad Creator
Google Chrome
Google Earth
Google Update Helper
Gyazo 2.3
HostsMan 4.3.100
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
ImgBurn
Intel(R) Processor Graphics
iTunes
Java 8 Update 31
Java Auto Updater
KeyNote 1.6.5
LibreOffice 4.3.4.1
Linphone version 3.7.0
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.1
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (12.0.30919.1)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Web Deploy 3.5
Microsoft Web Platform Installer 5.0
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MySQL Connector Net 6.5.4
MySQL Server 5.1
Online Support(S Service)
OpenVPN 2.1.1
OpenVPN 2.3.6-I001
Password Corral v4.0
Prerequisites for SSDT
PureVPN
Realtek Ethernet Controller Driver
Revo Uninstaller 1.95
Revo Uninstaller Pro 3.1.2
S Agent
Samsung Support Center 1.0
Samsung Update Plus
Sandboxie 4.14 (64-bit)
Security Task Manager 1.8g
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype™ 7.0
SpywareBlaster 5.0
Sql Server Customer Experience Improvement Program
Steam
StrongVPN Client
SW Update
swMSM
TAP-Windows 9.9.2
TeamSpeak 3 Client
TeamViewer 9
TreeSize Free V3.2.1
Update for (KB2504637)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WinPatrol
WinPcap 4.1.3
Wireshark 1.12.3 (64-bit)
Workrave 1.10
.
==== Event Viewer Messages From Past Week ========
.
30/01/2015 16:26:59, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Jack-PC\Guest SID (S-1-5-21-489198973-519768537-2425427861-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/01/2015 15:32:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF
30/01/2015 15:31:06, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/01/2015 15:31:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
30/01/2015 01:00:50, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
28/01/2015 15:41:27, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
28/01/2015 00:35:04, Error: SbieDrv [1412] - SBIE1412 In text: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
28/01/2015 00:35:04, Error: SbieDrv [1406] - SBIE1406 Missing or invalid expansion for SystemDrive: [C0000189]
28/01/2015 00:34:54, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
28/01/2015 00:34:51, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/01/2015 00:30:34, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The TeamViewer 9 service failed to start due to the following error: The pipe has been ended.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The StrongVPN Service service failed to start due to the following error: The pipe has been ended.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
28/01/2015 00:30:34, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: A system shutdown is in progress.
27/01/2015 22:59:13, Error: Microsoft-Windows-LanguagePackSetup [1001] - Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
27/01/2015 22:59:12, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
27/01/2015 21:02:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
27/01/2015 21:02:04, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2015 21:01:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8009c884e0, 0xfffff880048c7d10, 0xffffffffc0000001, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012715-23899-01.
27/01/2015 15:58:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:58:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/01/2015 15:58:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/01/2015 15:58:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/01/2015 15:58:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/01/2015 15:58:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/01/2015 15:58:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/01/2015 15:57:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2015 15:57:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================