My girlfriend's PC recently became infected with "RegClean Pro" -- which is a pain. Pop-ups, problems with browsers, slow performance, errors for no reason...
We are running Malwarebytes -- which removed MOST of it, I think -- but I would like someone to examine our logs and determine if EVERYTHING is removed, please?
I would greatly appreciate it...
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/15/2014 9:49:46 PM
System Uptime: 8/16/2014 8:10:53 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Microprocessor | 1795/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 223 GiB total, 191.06 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 10 GiB total, 9.657 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 8/15/2014 9:53:39 PM - Windows Update
RP9: 8/15/2014 10:11:14 PM - avast! antivirus system restore point
RP10: 8/15/2014 10:16:17 PM - Online Armor installation
RP12: 8/15/2014 10:22:49 PM - Revo Uninstaller's restore point - Online Armor 6.0
RP13: 8/15/2014 10:31:45 PM - Online Armor installation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Shockwave Player 12.1
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
avast! Free Antivirus
CCleaner
Clickfree Easy Image
Conexant D850 PCI V.92 Modem
Diskeeper 12 Home
Ditto
DriverUpdate
FileHippo.com Update Checker
Foxit Reader
GIMP 2.8.4
HP Photo Creations
HP Photosmart 6520 series Basic Device Software
HP Photosmart 6520 series Help
HP Photosmart 6520 series Product Improvement Study
HP Update
HPDiagnosticAlert
IDT Audio
Intel(R) Chipset Device Software
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 18.7.28.0
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 67
Java Auto Updater
Kingsoft Office 2012 (8.1.0.3385)
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
Notepad++
Online Armor 7.0
PrintMaster Platinum 18.1
Quick Blackjack 3.0 (remove only)
Quick Cribbage 3.5 (remove only)
Quick Poker 3.3 (remove only)
Revo Uninstaller 1.95
RoboForm 7-9-8-5 (All Users)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Speccy
Stickies 7.1e
SUPERAntiSpyware
swMSM
Unlocker 1.9.2
VC_CRT_x86
Visual Studio 2012 x86 Redistributables
Wise Disk Cleaner 7.93
Wise Registry Cleaner 8.21
.
==== Event Viewer Messages From Past Week ========
.
8/16/2014 8:12:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/16/2014 8:12:05 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
8/15/2014 9:41:40 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.
8/15/2014 9:37:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070422'. Restart your computer, and then try to restart the service.
8/15/2014 9:30:17 PM, Error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/15/2014 9:29:33 PM, Error: Service Control Manager [7030] - The Foxit Cloud Safe Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/15/2014 7:57:14 PM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: avast! HardwareID is not a valid Win32 application.
8/15/2014 7:56:56 PM, Error: Service Control Manager [7000] - The vToolbarUpdater15.5.0 service failed to start due to the following error: The system cannot find the path specified.
8/15/2014 7:54:37 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/15/2014 7:33:28 PM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: Access is denied.
8/15/2014 6:33:56 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
8/15/2014 6:33:56 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: A system shutdown is in progress.
8/15/2014 6:33:56 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:33:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:33:55 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
8/15/2014 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/15/2014 6:33:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/15/2014 6:33:44 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/15/2014 6:32:19 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:32:19 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2014 6:32:19 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:32:19 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
8/15/2014 6:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/15/2014 6:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/15/2014 11:13:33 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} as /. The error: "5" Happened while starting this command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
8/15/2014 10:07:13 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
8/14/2014 6:28:42 AM, Error: Service Control Manager [7000] - The MBAMWebAccessControl service failed to start due to the following error: Access is denied.
8/14/2014 6:28:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.67.2
Run by Karen at 20:29:56 on 2014-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.1570 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\oaui.exe
C:\ProgramData\Clickfree\cfagent.exe
C:\Program Files\Ditto\Ditto.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Stickies\stickies.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ClickfreeMonitor] c:\programdata\clickfree\cfagent.exe
uRun: [Ditto] c:\program files\ditto\Ditto.exe
uRun: [FibReminder] c:\programdata\clickfree\fullimagingbackup\FibReminder.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\karen\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{BC9BE4E4-0D4B-43EB-84D0-550E57EB56D1} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\profiles\pz3xfuyv.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-9 192352]
R0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys [2014-2-2 35120]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys [2014-2-2 85328]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2013-7-20 526392]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2013-7-20 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-9 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-9 414520]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-16 74456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2014-8-15 210360]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2014-8-15 44984]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2014-8-15 34856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-9 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-9 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-8-9 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-9 50344]
R2 FibUacService;FibUacService;c:\programdata\clickfree\fullimagingbackup\FibUac.exe [2013-2-17 37192]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-10 241728]
R2 FullImagingService;FullImagingService;c:\programdata\clickfree\fullimagingbackup\FullImagingService.exe [2013-2-17 235848]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-7-20 14904]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2013-7-30 133888]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-3 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-3 860472]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2014-8-15 584864]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2014-8-15 4457688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-3 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-3 51928]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2014-8-15 31760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2014-2-2 44496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-15 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-10 14848]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-5 13464]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-3 1343400]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
.
=============== Created Last 30 ================
.
2014-08-16 05:08:47 -------- d-----w- c:\windows\Panther
2014-08-16 04:54:58 -------- d--h--w- C:\$WINDOWS.~Q
2014-08-16 04:52:06 -------- d--h--w- C:\$INPLACE.~TR
2014-08-16 02:32:44 -------- d-----w- c:\users\karen\appdata\roaming\OnlineArmor
2014-08-16 02:32:44 -------- d-----w- c:\programdata\OnlineArmor
2014-08-16 02:31:36 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2014-08-16 02:31:36 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys
2014-08-16 02:31:36 31760 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-08-16 02:31:36 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys
2014-08-16 02:31:33 -------- d-----w- c:\program files\Online Armor
2014-08-16 02:02:39 -------- d-----w- c:\users\karen\appdata\local\ElevatedDiagnostics
2014-08-16 01:53:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-08-16 01:53:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-08-16 01:53:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-08-16 01:43:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-08-16 01:43:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-08-16 01:43:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-16 01:43:37 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-16 01:14:54 -------- d-----w- c:\windows\system32\URTTEMP
2014-08-16 01:14:44 -------- d-sh--w- c:\windows\Installer
2014-08-16 01:12:48 -------- d-----w- c:\program files\CONEXANT
2014-08-15 23:12:50 60416 ------w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 23:12:50 51200 ------w- c:\windows\system32\ieetwproxystub.dll
2014-08-15 23:12:50 108032 ------w- c:\windows\system32\ieetwcollector.exe
2014-08-15 23:12:49 646144 ------w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-15 23:12:43 4096 ------w- c:\windows\system32\ieetwcollectorres.dll
2014-08-15 23:12:37 1068032 ------w- c:\windows\system32\mshtmlmedia.dll
2014-08-15 23:12:36 61952 ------w- c:\windows\system32\MshtmlDac.dll
2014-08-15 23:12:34 597504 ------w- c:\windows\system32\jscript9diag.dll
2014-08-15 23:12:32 4204032 ------w- c:\windows\system32\jscript9.dll
2014-08-15 23:08:20 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a1d8be17-a148-4f06-af1b-c6d9b7b55cb8}\mpengine.dll
2014-08-15 17:03:24 -------- d-----w- c:\users\karen\New folder (2)
2014-08-14 12:11:40 -------- d-----w- C:\Cher
2014-08-14 00:06:35 -------- d-----w- c:\windows\windows microsoft
2014-08-13 19:30:03 -------- d-----w- c:\users\karen\appdata\local\Diagnostics
2014-08-12 09:34:23 -------- d-----w- C:\paul barnum
2014-08-11 22:16:50 -------- d-----w- C:\VIPRERESCUE
2014-08-11 09:36:27 -------- d-----w- c:\users\karen\karen 2
2014-08-11 02:29:16 -------- d-----w- c:\users\karen\appdata\local\Systweak
2014-08-11 02:26:02 -------- d-----w- c:\programdata\Systweak
2014-08-11 01:58:05 -------- d-----w- c:\users\karen\appdata\roaming\ASP
2014-08-11 01:09:51 -------- d-----w- c:\users\karen\appdata\roaming\Systweak
2014-08-11 01:09:40 18280 ----a-w- c:\windows\system32\roboot.exe
2014-08-10 13:11:49 -------- d-----w- c:\users\karen\appdata\roaming\OpenDNS Updater
2014-08-10 01:12:52 -------- d-----w- c:\users\karen\appdata\roaming\AVAST Software
2014-08-10 01:11:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-10 01:11:47 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-10 01:11:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 01:11:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 01:11:45 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-10 01:11:45 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-10 01:11:45 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 01:11:36 43152 ----a-w- c:\windows\avastSS.scr
2014-08-10 01:09:38 -------- d-----w- c:\program files\AVAST Software
2014-08-07 14:24:53 4251648 ----a-w- c:\windows\system32\STLang.dll
2014-08-07 14:24:53 290898 ----a-w- c:\windows\system32\STacSV.exe
2014-08-07 14:23:29 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2014-08-07 14:23:28 417280 ----a-w- c:\windows\system32\stcplx.dll
2014-08-07 14:23:28 1278976 ----a-w- c:\windows\system32\stapo.dll
2014-08-07 14:23:27 207360 ----a-w- c:\windows\system32\st326224.dll
2014-08-07 14:23:20 -------- d-----w- c:\program files\IDT
2014-08-06 20:21:09 -------- d-----w- c:\programdata\SlimWare Utilities, Inc
2014-08-06 20:15:46 -------- d-----w- c:\program files\DriverUpdate
2014-08-05 23:10:39 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-30 04:15:28 2876528 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2014-07-30 04:15:19 42168 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
.
==================== Find3M ====================
.
2014-08-17 00:14:34 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-16 02:27:31 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-08-10 14:26:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-10 14:26:00 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-28 12:11:40 4765152 ----a-w- c:\program files\ccsetup411(2).exe
2014-02-28 12:11:19 4765152 ----a-w- c:\program files\ccsetup411(1).exe
2014-02-28 12:08:08 4765152 ----a-w- c:\program files\ccsetup411.exe
.
============= FINISH: 20:32:58.65 ===============