
Help Removing Virus/Malware



Thank you in advance! I've read a different thread and downloaded and run Farbar with the log file attached. 

 

Things I've done:

(1) Downloaded MalwareBytes AntiMalware and run full system scans.

(2) Downloaded Panda Free Antivirus and run full system scans.

 

Both of these have found viruses/malware, and upon restarts I still have my symptom. I've run them 3 times with restarts and same problem.

 

My symptom is this:

[screenshot of the symptom: ml8GBw5.jpg]

 

Thanks again for any help!

 

 

Addition.txt

FRST.txt


Hello and welcome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted into your reply.

 

Or select "Export": you are given the option to export as a text file (*.txt) or an XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, and also give an update on any remaining issues or concerns.

 

Kevin...

 

 

 

 

 

Fixlist.txt


1) Attached is Fixlog.txt

2) Here is Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/7/2015
Scan Time: 3:49:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.07.14
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nate Clark Kayhoe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460736
Time Elapsed: 11 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
3) Ran AdwCleaner, attached is scan log.
4) Ran Junkware Removal Tool, attached is log.
5) Ran Microsoft tool, attached is log.
 
As of right now I don't seem to have any symptoms, but I'll write back if that changes!

AdwCleanerS0.txt

Fixlog.txt

JRT.txt

mrt.log


Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report"; the log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP


RogueKiller was run as specified; here are the results:

 

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nate Clark Kayhoe [Administrator]
Mode : Scan -- Date : 01/08/2015  09:36:02
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 3 ¤¤¤
[suspicious.Path] 1114tbUpdateInfo.job -- C:\ProgramData\Avg_Update_1114tb\1114tb_{894B4007-9B5E-45E0-AC2B-F21D5C82A6F9}.exe ( /SETINFO /CMPID=1114tb /INFORETRY=3) -> Found
[suspicious.Path] \\0814tbUpdateInfo -- C:\ProgramData\Avg_Update_0814tb\0814tb_{6E1AB5D4-C321-4B86-804F-6B780316049B}.exe (/SETINFO /CMPID=0814tb /INFORETRY=3) -> Found
[suspicious.Path] \\1114tbUpdateInfo -- C:\ProgramData\Avg_Update_1114tb\1114tb_{894B4007-9B5E-45E0-AC2B-F21D5C82A6F9}.exe (/SETINFO /CMPID=1114tb /INFORETRY=3) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 70 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6d91|jmp 0xffffffffffffef9a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6e09|jmp 0xffffffffffffef02|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6099|jmp 0xffffffffffffe582|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6009|jmp 0xffffffffffffe912|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8ce9|jmp 0xffffffffffffcdc2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd9501|jmp 0xffffffffffffc60a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8319|jmp 0xffffffffffffdad2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6d99|jmp 0xffffffffffffd9a2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x73f306be (jmp 0xfffffffffcdd94d1|jmp 0xffffffffffffc4da|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8dc9|jmp 0xffffffffffffcc92|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8181|jmp 0xffffffffffffdb6a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x73f306be (jmp 0xfffffffffd071642|jmp 0xffffffffffffea42|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73f306be (jmp 0xfffffffffcdd74a1|jmp 0xffffffffffffe74a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7261|jmp 0xffffffffffffe9aa|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8e11|jmp 0xffffffffffffc73a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd74d1|jmp 0xffffffffffffe87a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd9599|jmp 0xffffffffffffc6a2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73f306be (jmp 0xfffffffffce0c0f0|jmp 0xffffffffffffdd32|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73f306be (jmp 0xfffffffffcdd67f9|jmp 0xffffffffffffeca2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7379|jmp 0xffffffffffffe7e2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73f306be (jmp 0xfffffffffd239f05|jmp 0xffffffffffffe61a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9a73|jmp 0xffffffffffffd152|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9dcb|jmp 0xffffffffffffd282|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x73f306be (jmp 0xfffffffffecb1647|jmp 0xffffffffffffee6a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x73f306be (jmp 0xfffffffffecc4bcb|jmp 0xffffffffffffd1ea|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73f306be (jmp 0xfffffffffecbb7cc|jmp 0xffffffffffffedd2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7149|jmp 0xffffffffffffd3b2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x73f306be (jmp 0xfffffffffeca40d4|jmp 0xffffffffffffd31a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73f306be (jmp 0xfffffffffecc2712|jmp 0xffffffffffffe452|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x73f306be (jmp 0xfffffffffe888d03|jmp 0xffffffffffffd022|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9dcb|jmp 0xffffffffffffd282|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowsHookExW : Unknown @ 0x73f306be (jmp 0xfffffffffecbb7cc|jmp 0xffffffffffffedd2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PostMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9a73|jmp 0xffffffffffffd152|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7651|jmp 0xffffffffffffda3a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - ZwCreateFile : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8dc9|jmp 0xffffffffffffcc92|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x73f306be (jmp 0xfffffffffd248bd5|jmp 0xffffffffffffd44a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x73f306be (jmp 0xfffffffffcf30ac6|jmp 0xffffffffffffdc02|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6d91|jmp 0xffffffffffffef9a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6e09|jmp 0xffffffffffffef02|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6099|jmp 0xffffffffffffe582|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6009|jmp 0xffffffffffffe912|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8ce9|jmp 0xffffffffffffcdc2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd9501|jmp 0xffffffffffffc60a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8319|jmp 0xffffffffffffdad2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6d99|jmp 0xffffffffffffd9a2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x73f306be (jmp 0xfffffffffcdd94d1|jmp 0xffffffffffffc4da|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateFile : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8dc9|jmp 0xffffffffffffcc92|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8181|jmp 0xffffffffffffdb6a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x73f306be (jmp 0xfffffffffd071642|jmp 0xffffffffffffea42|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x73f306be (jmp 0xfffffffffcdd74a1|jmp 0xffffffffffffe74a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7261|jmp 0xffffffffffffe9aa|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8e11|jmp 0xffffffffffffc73a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x73f306be (jmp 0xfffffffffcdd74d1|jmp 0xffffffffffffe87a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtOpenSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd9599|jmp 0xffffffffffffc6a2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x73f306be (jmp 0xfffffffffce0c0f0|jmp 0xffffffffffffdd32|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73f306be (jmp 0xfffffffffcdd67f9|jmp 0xffffffffffffeca2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7379|jmp 0xffffffffffffe7e2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x73f306be (jmp 0xfffffffffd239f05|jmp 0xffffffffffffe61a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9a73|jmp 0xffffffffffffd152|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageW : Unknown @ 0x73f306be (jmp 0xfffffffffecc9dcb|jmp 0xffffffffffffd282|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x73f306be (jmp 0xfffffffffecb1647|jmp 0xffffffffffffee6a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PostMessageA : Unknown @ 0x73f306be (jmp 0xfffffffffecc4bcb|jmp 0xffffffffffffd1ea|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x73f306be (jmp 0xfffffffffecbb7cc|jmp 0xffffffffffffedd2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtVdmControl : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7149|jmp 0xffffffffffffd3b2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetMessageA : Unknown @ 0x73f306be (jmp 0xfffffffffeca40d4|jmp 0xffffffffffffd31a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWinEventHook : Unknown @ 0x73f306be (jmp 0xfffffffffecc2712|jmp 0xffffffffffffe452|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x73f306be (jmp 0xfffffffffe888d03|jmp 0xffffffffffffd022|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - ZwCreateFile : Unknown @ 0x73f306be (jmp 0xfffffffffcdd8dc9|jmp 0xffffffffffffcc92|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x73f306be (jmp 0xfffffffffcdd7651|jmp 0xffffffffffffda3a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x73f306be (jmp 0xfffffffffd248bd5|jmp 0xffffffffffffd44a|call 0x1fe)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 9be1bb9a6d50ced39821aa02fa1b0158
[bSP] 3a4f54336b3cc9dcfa7a06ca52036136 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: EPSON Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
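A small triage pass over a RogueKiller report in the format posted above, as an added example; it is not code from this thread, from Kevin, or from Adlice's RogueKiller. The section, finding and hook patterns are derived from the report text itself; the function names parse_report and triage, the field names, and the abridged sample (cut to four of the 70 Antirootkit lines) are this example's own. It compares each header's declared count with the entries actually present, which catches a truncated paste, surfaces header caveats such as the "Driver: Not loaded" note, and collapses the hook list to the addresses the hooks land on: in the report above all 70 entries point at one address, which is a single hooking module to identify on the machine rather than 70 separate findings.

```python
# Triage a RogueKiller report in the text format posted in this thread.
# Added example, not code from the thread or from RogueKiller; the patterns below are
# derived from the report text above, and function/field names are this example's own.
import re
from collections import Counter

# Abridged excerpt of the report above (constructed sample): the Antirootkit section is
# cut to 4 of its 70 lines so that the declared-vs-observed check has something to catch.
SAMPLE_REPORT = r"""RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 3 ¤¤¤
[suspicious.Path] 1114tbUpdateInfo.job -- C:\ProgramData\Avg_Update_1114tb\1114tb_{894B4007-9B5E-45E0-AC2B-F21D5C82A6F9}.exe ( /SETINFO /CMPID=1114tb /INFORETRY=3) -> Found
[suspicious.Path] \\0814tbUpdateInfo -- C:\ProgramData\Avg_Update_0814tb\0814tb_{6E1AB5D4-C321-4B86-804F-6B780316049B}.exe (/SETINFO /CMPID=0814tb /INFORETRY=3) -> Found
[suspicious.Path] \\1114tbUpdateInfo -- C:\ProgramData\Avg_Update_1114tb\1114tb_{894B4007-9B5E-45E0-AC2B-F21D5C82A6F9}.exe (/SETINFO /CMPID=1114tb /INFORETRY=3) -> Found

¤¤¤ Antirootkit : 70 (Driver: Not loaded [0xc000036b]) ¤¤¤
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x73f306be (jmp 0xfffffffffcdd6d91|jmp 0xffffffffffffef9a|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x73f306be (jmp 0xfffffffffcdd67f9|jmp 0xffffffffffffeca2|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x73f306be (jmp 0xfffffffffd071642|jmp 0xffffffffffffea42|call 0x1fe)
[iAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - WSASend : Unknown @ 0x73f306be (jmp 0xfffffffffe888d03|jmp 0xffffffffffffd022|call 0x1fe)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
[MBR] 9be1bb9a6d50ced39821aa02fa1b0158
"""

# "¤¤¤ Name : <count> <optional note> ¤¤¤"; MBR Check has no count.
SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>.+?)\s*:\s*(?P<count>\d+)?(?P<extra>.*?)\s*¤¤¤\s*$")
# "[Tag] detail -> Found"
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<detail>.*?)\s+->\s+(?P<status>\w+)\s*$")
# "[iAT:Inl(Hook.IEAT)] (process) module - export : owner @ address (...)"
HOOK_RE = re.compile(
    r"^\[iat:inl\(hook\.ieat\)\]\s+\((?P<process>[^)]+)\)\s+(?P<module>\S+)\s+-\s+"
    r"(?P<function>\S+)\s+:\s+(?P<owner>\S+)\s+@\s+(?P<address>0x[0-9a-f]+)",
    re.IGNORECASE,
)


def parse_report(text):
    """Split the report into its ¤¤¤ sections: {name: {declared, note, findings, hooks}}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = {
                "declared": int(m.group("count")) if m.group("count") else None,
                "note": m.group("extra").strip(),    # e.g. "(Driver: Not loaded [...])"
                "findings": [], "hooks": [],
            }
        elif current is None:
            continue                                 # banner lines before the first section
        elif (h := HOOK_RE.match(line)):
            sections[current]["hooks"].append(h.groupdict())
        elif (f := FINDING_RE.match(line)):
            sections[current]["findings"].append(f.groupdict())
    return sections


def triage(sections):
    """Check declared vs parsed counts, tally finding tags, and reduce the hook list
    to the distinct addresses the hooks jump to."""
    out = {"sections": {}, "issues": []}
    for name, sec in sections.items():
        observed = len(sec["findings"]) + len(sec["hooks"])
        out["sections"][name] = {
            "declared": sec["declared"], "observed": observed,
            "tags": dict(Counter(f["tag"] for f in sec["findings"])),
        }
        if sec["declared"] is not None and sec["declared"] != observed:
            out["issues"].append(f"{name}: header declares {sec['declared']} entries, "
                                 f"{observed} parsed (truncated or abridged paste?)")
        if sec["note"]:                              # header caveats are worth reading
            out["issues"].append(f"{name}: {sec['note']}")
    hooks = [h for sec in sections.values() for h in sec["hooks"]]
    out["hook_addresses"] = dict(Counter(h["address"].lower() for h in hooks))
    out["hooked_processes"] = sorted({h["process"] for h in hooks})
    if hooks and len(out["hook_addresses"]) == 1:
        # One destination for every hooked export means one hooking module; which module
        # owns that address has to be resolved on the host, not guessed from the report.
        addr = next(iter(out["hook_addresses"]))
        out["issues"].append(f"all {len(hooks)} hooks land at {addr}: a single hooking module")
    return out


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for name, s in result["sections"].items():
        print(f"{name:12} declared={s['declared']} observed={s['observed']} tags={s['tags']}")
    for issue in result["issues"]:
        print("!", issue)
```

Run against the full report above, the Antirootkit count check passes (70 declared, 70 parsed) and the single-address note fires; the three suspicious.Path tasks under C:\ProgramData\Avg_Update_* are the same items the later Zoek run deletes.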

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on the Zoek icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

 

Please include its content in your next reply. Don't forget to re-enable security software!

 

Let me see that log, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin....


Thanks Kevin, here is the log. I just completed the restart, have not had symptoms and am just hoping it doesn't pop up again. I'll let you know if it does:

 

 
Zoek.exe v5.0.0.0 Updated 08-January-2015
Tool run by Nate Clark Kayhoe on Thu 01/08/2015 at 16:36:39.09.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nate Clark Kayhoe\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
1/8/2015 4:37:30 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Windows\OEM05Mon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Nate Clark Kayhoe\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\Avg_Update_1214tb deleted
C:\Users\Nate Clark Kayhoe\AppData\Local\AVG SafeGuard toolbar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\WINDOWS\tasks\1114tbUpdateInfo.job deleted
C:\windows\SysNative\tasks\0814tbUpdateInfo deleted
C:\windows\SysNative\tasks\1114tbUpdateInfo deleted
C:\WINDOWS\tasks\Open Chrome.job deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\WINDOWS\Installer\a0ba3aa.msi" deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 12240 MB
CPU Info: Intel® Core i5-4440 CPU @ 3.10GHz
CPU Speed: 3172.3 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: NVIDIA GeForce GT 635 | NVIDIA GeForce GT 635 | NVIDIA GeForce GT 635
Monitors: 2x; Dell SP2208WFP(Analog) | Dell SP2208WFP(Digital) | 
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #2 | Bluetooth Device (Personal Area Network) | Dell Wireless 1703 802.11b|g|n (2.4GHz) | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVD+-RW GHB0N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  917.3GB
Hard Disks - Free: C:  406.1GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE |  | DELL   - 20100118
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 0KWVT8
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Panda Free Antivirus On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Bitdefender Antivirus Free Edition On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Panda Free Antivirus disabled (Outdated)
Anti-Spyware: Bitdefender Antivirus Free Edition disabled (Outdated)
Firewall: Panda Firewall disabled
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17498 
Google Chrome version: 39.0.2171.95
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2015-01-07 18:52:50 848A5EDC8964FDD947F7B5F096988967 1314970881 ----a-w- C:\WINDOWS\MEMORY.DMP
====== C:\Users\NATECL~1\AppData\Local\Temp ====
2015-01-08 14:32:23 A4E624F7658D08C1717542FA10E0A973 1467384 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\dllnt_dump.dll
2015-01-07 21:08:34 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-07 21:08:34 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\libintl3.dll
2015-01-07 21:08:34 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\pcre3.dll
2015-01-07 21:08:34 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\regex2.dll
2015-01-07 21:08:34 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-06 23:07:18 FE8986D39CF82FF9ED856571E64F4843 223344 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\wspack.dll
2015-01-06 23:07:18 DBB5106CEE548C085FC2D33E9AB59BE7 297016 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\wsutils.dll
2015-01-06 23:07:18 95B779329680265CE36BDFA0BC953A13 216664 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\unrar64.dll
2015-01-06 23:07:18 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\WPFKickstarter.exe
2015-01-06 23:07:18 6034B71DC75CB71635181457EE8EBE24 1524288 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\wslib.dll
2015-01-06 23:07:18 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\WPFKickstarter4.exe
2015-01-06 23:07:17 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
2015-01-06 23:07:17 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\ThreatScanner.exe
2015-01-06 23:07:17 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\pt-BR.exe
2015-01-06 23:07:17 804A78FF4F68125B5D4E4EEECA642FEA 126560 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\npcomm.dll
2015-01-06 23:07:17 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\ro-RO.exe
2015-01-06 23:07:17 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\trufos.sys
2015-01-06 23:07:17 0A7FC87768E1C181D3F903DF19F34A80 511232 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\trufos.dll
2015-01-06 23:07:16 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe
2015-01-06 23:07:16 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\en-US.exe
2015-01-06 23:07:16 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\it-IT.exe
2015-01-06 23:07:16 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\installerpackage.exe
2015-01-06 23:07:15 EB1E6129696EE881DE94F383BEE0B117 131552 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\core\bdcore.dll
2015-01-06 23:07:15 74AB0D9CB6EC7B9E796C0A4FED20C766 3762472 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\htmlayout.dll
2015-01-06 23:07:15 6505373F3B9261A536EF402F55B5DE79 190384 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\bdardrv.dll
2015-01-06 23:07:15 5BB8E15835F5D0A5BD99492C5D85A672 101328 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\bdmetrics.dll
2015-01-06 23:07:15 509A03DFFBB3FEC4B2BCCADCAB903C4B 76584 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\gzfltum.dll
2015-01-06 23:07:15 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\gzflt.sys
2015-01-06 23:07:15 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\avcheck.exe
2015-01-06 23:07:15 28C9690641CC746F778AB94EED54C4B0 2360064 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\additional.dll
2015-01-06 23:07:15 01726E53C80083F4C02CDB834266C68C 148160 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\bdnc.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-01-08 14:32:23 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2015-01-06 22:53:58 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\WINDOWS\Sysnative\drivers\PSKMAD.sys
2015-01-05 22:56:22 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudmdm.sys
2015-01-05 22:56:22 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudbus.sys
2014-12-09 23:56:51 B02118A776C368F7EE1A8CC81378D265 153920 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-12-09 23:56:51 A770340FC02B999EF0DE6C2A6BC8437C 39744 -c--a-w- C:\WINDOWS\Sysnative\drivers\intelpep.sys
2014-12-09 23:56:51 7B7C482CF48E6EE33664340D1A78E6FE 238912 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-12-09 23:56:51 24A8DFC07E4BAF29AEA26E383D4CC886 86336 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
====== C:\WINDOWS\Tasks ======
2015-01-07 14:31:10 10DA957B11264CF7E7ABD9974B46EAE6 3986 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{B397B85A-1F7C-40F7-8D95-2A93F2F0DF16}
2015-01-06 23:01:12 A70038E37373199E02BF83FCFF347B4B 3712 ----a-w- C:\WINDOWS\Sysnative\Tasks\IEError
2015-01-06 23:01:11 DF4B0A7B41192BB1A075981BB00BB54F 3528 ----a-w- C:\WINDOWS\Sysnative\Tasks\AI_Updater
2015-01-06 23:01:09 AC58870ED7151C259F0DD5892C5BACAC 3714 ----a-w- C:\WINDOWS\Sysnative\Tasks\boosterpop
2015-01-06 22:29:42 B55B3156B1A65CC23AE903ECD24A9B4A 3682 ----a-w- C:\WINDOWS\Sysnative\Tasks\IE_ERR4WDR
2015-01-06 22:29:42 54EF084EF4EB5DEDC5B9DFF40A51A321 3658 ----a-w- C:\WINDOWS\Sysnative\Tasks\HDNINSTSCHD
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-01-06 22:59:54 -------- d-----w- C:\Program Files\Bitdefender
======= C:\PROGRA~2 =====
2015-01-06 23:00:18 -------- d-----w- C:\PROGRA~2\Tuneup computer
2015-01-06 22:36:49 -------- d-----w- C:\PROGRA~2\Business Plan Pro
2015-01-06 22:29:43 -------- d-----w- C:\PROGRA~2\7-Zip
2015-01-06 22:29:32 -------- d-----w- C:\PROGRA~2\Portable WeatherApp
======= C: =====
====== C:\Users\Nate Clark Kayhoe\AppData\Roaming ======
2015-01-07 22:10:53 -------- d-----r- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-07 20:16:15 -------- d-sh--w- C:\Users\Nate Clark Kayhoe\AppData\Locallow\EmieBrowserModeList
2015-01-07 14:31:08 -------- d-sh--w- C:\Users\Nate Clark Kayhoe\AppData\Local\EmieBrowserModeList
2015-01-07 04:42:35 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\QuickScan
2015-01-06 22:59:49 -------- d-----w- C:\Users\Nate Clark Kayhoe\AppData\Local\PCTuner1
2015-01-06 22:59:16 -------- d-----w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\QuickScan
2014-12-31 23:01:31 -------- d-sh--w- C:\Users\Guest\AppData\Local\EmieBrowserModeList
2014-12-31 23:01:28 -------- d-sh--w- C:\Users\Guest\AppData\Locallow\EmieBrowserModeList
2014-12-12 20:01:00 -------- d-----w- C:\Users\Guest\AppData\Roaming\Foxit Software
====== C:\Users\Nate Clark Kayhoe ======
2015-01-08 14:32:22 -------- d-----w- C:\ProgramData\RogueKiller
2015-01-08 14:32:01 4A6979006BA4A7B31153C9309E4DE0FB 15340120 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\RogueKiller.exe
2015-01-07 22:40:37 9B632FAD4D2F6AF5C0B5E4C559EE33AF 98109 ----a-w- C:\ProgramData\1420670401.bdinstall.bin
2015-01-07 22:40:01 E2C605E9343053B0DBC4FD5D0AA10AF2 37669 ----a-w- C:\ProgramData\1420670400.bdinstall.bin
2015-01-07 21:13:03 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-07 20:50:34 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\JRT.exe
2015-01-07 20:50:03 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\AdwCleaner.exe
2015-01-07 19:57:01 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\FRST64.exe
2015-01-07 04:41:06 AFB4B9546434D4FEDFABD99F26B57B0A 185956 ----a-w- C:\ProgramData\1420605589.bdinstall.bin
2015-01-06 23:12:01 -------- d-----w- C:\ProgramData\Tuneup computer
2015-01-06 23:08:05 E339F0CE725E25B30AD9975491A16B18 138414 ----a-w- C:\ProgramData\1420585157.bdinstall.bin
2015-01-06 23:00:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
2015-01-06 22:59:09 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Antivirus_Free_Edition_x64.exe
2015-01-06 22:59:01 DE1F74C3471F2C9A8C0B3969E692F7B2 162208 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Antivirus_Free_Edition.exe
2015-01-06 22:37:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Plan Pro
2015-01-06 22:29:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-06 22:29:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
2014-12-27 02:21:57 F1DC86309E6001247E51AD00F1BE8BF4 7781026 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\openttd-1.4.4-windows-win64.exe
2014-12-22 02:09:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
 
====== C: exe-files ==
2015-01-08 14:32:01 4A6979006BA4A7B31153C9309E4DE0FB 15340120 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\RogueKiller.exe
2015-01-07 21:13:03 AA95D278EC9A7D49375FC0F0B4783E51 36904648 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-07 21:08:34 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-07 20:50:34 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\JRT.exe
2015-01-07 20:50:03 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\AdwCleaner.exe
2015-01-07 19:57:01 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Nate Clark Kayhoe\Desktop\FRST64.exe
2015-01-07 04:40:57 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe
2015-01-07 04:40:57 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\ThreatScanner.exe
2015-01-07 04:40:57 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe
2015-01-07 04:40:57 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\pt-BR.exe
2015-01-07 04:40:57 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter.exe
2015-01-07 04:40:57 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\ro-RO.exe
2015-01-07 04:40:57 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\en-US.exe
2015-01-07 04:40:57 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\it-IT.exe
2015-01-07 04:40:57 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\installerpackage.exe
2015-01-07 04:40:57 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter4.exe
2015-01-07 04:40:56 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\avcheck.exe
2015-01-07 04:40:52 B8E08510721D367F1330F6A0B9CA9F99 1312072 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
2015-01-07 04:40:52 B34E17D28EB63DE8C5AD60539AF421A4 602872 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray4.exe
2015-01-07 04:40:52 3F5DD8A7CA79C562AF939067E8B07764 153280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel4.exe
2015-01-07 04:40:52 33205C6D38A2A4B3766230A489B56396 218736 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdreinit.exe
2015-01-07 04:40:51 DE6C895E14E7D7D45A1A7276754BDB92 19944 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzifaceexec.exe
2015-01-07 04:40:51 C426283AD9FAD74726C961373E5B9E4A 254280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
2015-01-07 04:40:51 B5CBEB9EB25A8230463037A647BC1469 69368 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
2015-01-07 04:40:51 9CB162599CBA2CD46090A3CB093FE6E5 74000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\driverctrl.exe
2015-01-07 04:40:51 82C67B91F26DE0CB7315E2CE622433E2 524032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray.exe
2015-01-07 04:40:51 5A9C5CE8BDCA8568D798259A31991893 70928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\setloadorder.exe
2015-01-07 04:40:51 1D5559AB66613ED08A639C342F44D207 17896 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\elevator.exe
2015-01-07 04:40:51 12806F9E1F69F73D6EAF1E2F172E3E12 153232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel.exe
2015-01-06 23:07:18 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\WPFKickstarter.exe
2015-01-06 23:07:18 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\WPFKickstarter4.exe
2015-01-06 23:07:17 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
2015-01-06 23:07:17 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\ThreatScanner.exe
2015-01-06 23:07:17 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\pt-BR.exe
2015-01-06 23:07:17 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\ro-RO.exe
2015-01-06 23:07:16 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe
2015-01-06 23:07:16 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\en-US.exe
2015-01-06 23:07:16 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\lang\it-IT.exe
2015-01-06 23:07:16 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\installerpackage.exe
2015-01-06 23:07:15 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\avcheck.exe
2015-01-06 23:00:01 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\IE\NS9QIU4Q\ThreatScanner[1].exe
2015-01-06 22:59:53 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\IE\XODF7PAY\installerpackage[1].exe
2015-01-06 22:59:50 348352D8B49DED10513829AEBEE2F814 6391416 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\PCTuner1\PCTuner1.exe
2015-01-06 22:59:09 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Antivirus_Free_Edition_x64.exe
2015-01-06 22:59:09 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\IE\0Q2URSBI\Antivirus_Free_Edition_x64[1].exe
2015-01-06 22:59:01 DE1F74C3471F2C9A8C0B3969E692F7B2 162208 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Antivirus_Free_Edition.exe
2015-01-06 22:35:34 5B08697D515D6A5455D75AF45640E9D7 38215008 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\PaloAlto..15 BusinessPlan.Pro.15th.Ed\Business Plan Pro 15th.exe
2015-01-06 22:35:33 45818F98F96DA2FB57AE1A2B957EC381 58368 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\PaloAlto..15 BusinessPlan.Pro.15th.Ed\keygen.exe
2015-01-06 22:33:48 566E5A612A69836FF7B212F89596F5F1 704576 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\Handlesoft\7Zip_9.20.exe
2015-01-06 22:29:45 78E662D435A8E1F5B9CED236FD331856 58641 ----a-w- C:\Program Files (x86)\7-Zip\Uninstall.exe
2015-01-06 20:29:19 6E41E16283463ED20104480490541D0D 11231456 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
2015-01-05 22:56:24 9DA3B55B17B54789AFB8C657D4ACE4D7 743688 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
2015-01-05 22:55:05 86582D65473AFE200DE6524196BC775B 16007072 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2015-01-05 22:54:50 565C3D847F22073CC0663C41918BA974 845120 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
2015-01-05 22:54:47 C4F933CFAC0BD7B0C5E90655A3B3FEC3 624448 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
2015-01-05 22:54:46 F8A3337DE768B126B061F1B7CD38A436 311616 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
2015-01-05 22:54:46 B6F726EEB8A5CF6E44238A0DEA46B44C 277824 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
2015-01-05 22:54:45 60528C364C78B3C391B6055AAB00FB16 3835040 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
2015-01-05 22:54:45 5AD444EAA513B02157DD26CCB5FD62C6 559936 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
2015-01-05 22:54:45 2F85D5E63A1ECE08085D32C1B615BBFD 1562264 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
2015-01-05 22:54:37 E6F6AA97A8F9D852CDA79C7A038E2D82 173568 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
2015-01-05 22:54:36 ABE83C5A7C9E84BE3ED3EC53A9FC0AEB 353280 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
2015-01-05 22:54:36 8A11174DB7EA5BD416925682E6A6D242 67904 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
2015-01-05 22:54:36 200460EC42339C5A7C160F99EEBB0C47 698368 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
2015-01-05 22:54:35 2A5CFA6F6869445F7E20E845EB3E08AF 65856 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
2015-01-05 22:54:07 C4F933CFAC0BD7B0C5E90655A3B3FEC3 624448 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
=== C: other files ==
2015-01-08 14:32:23 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-01-08 04:43:06 B6733EAD68CEF643F7A3EF5A8FF6AE5D 5124 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj\4.35_0\js\libs\bootstrap-datepicker-master\docs\make.bat
2015-01-07 21:08:33 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\misc.bat
2015-01-07 21:08:33 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\prelim.bat
2015-01-07 21:08:33 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\TDL4.bat
2015-01-07 21:08:33 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\get.bat
2015-01-07 21:08:33 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\medfos.bat
2015-01-07 21:08:33 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\surfvox.bat
2015-01-07 21:08:33 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\runvalues.bat
2015-01-07 21:08:33 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-07 21:08:33 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\firefox.bat
2015-01-07 21:08:33 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-07 21:08:33 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\ask.bat
2015-01-07 21:08:33 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\iexplore.bat
2015-01-07 21:08:33 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\delfolders.bat
2015-01-07 21:08:33 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\mws.bat
2015-01-07 21:08:33 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\jrt\chrome.bat
2015-01-07 04:40:57 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\trufos.sys
2015-01-07 04:40:56 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\gzflt.sys
2015-01-07 04:40:53 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\avchv.sys
2015-01-07 04:40:51 C0247341C1BCD7FF2742821D0AD7AFBC 121928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys
2015-01-07 04:40:51 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avc3.sys
2015-01-07 04:40:51 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avckf.sys
2015-01-07 04:40:51 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avchv.sys
2015-01-07 04:40:51 140FE153F556D543EBFD5B751DC89EE5 138920 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys
2015-01-06 23:07:17 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\trufos.sys
2015-01-06 23:07:15 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\Nate Clark Kayhoe\AppData\Local\Temp\GZ_INSTALL_0\gzflt.sys
2015-01-06 23:00:12 03D86C99C0A7818D61E9E7DB97D7FE21 25543261 ----a-w- C:\Users\Nate Clark Kayhoe\Downloads\cce_2.5.242177.201_x64.zip
2015-01-06 22:53:58 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2015-01-05 22:56:24 C9700F35EFBD6CD6A056774D51FDCC4D 83200 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys
2015-01-05 22:56:24 5ED6B9921766E32E45B0EC4A51B33EFC 61696 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys
2015-01-05 22:56:24 403A578649DDF0D0C560E0D9DD58ECC5 23296 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ss_conn_usb_driver.sys
2015-01-05 22:56:24 389148FB4E2B893AFF0F81F32523EF69 34688 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys
2015-01-05 22:56:23 FB5D5F173455EB02E2F3512FCEDB7DAA 335104 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudqcnet.sys
2015-01-05 22:56:23 A471CFF55D4C0F3C9F5DB27EAB176977 184192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys
2015-01-05 22:56:23 7E9755A50F753DB747572AB95DB09BB2 184192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys
2015-01-05 22:56:23 7A5FB3E4E0D77740D56E516EE6B2DC2B 89856 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys
2015-01-05 22:56:23 5EE6503C932CB79B493E4B4D8E23D219 184192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys
2015-01-05 22:56:23 0C19DCB52D54AFA3308D0707FFCAE0CC 46848 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys
2015-01-05 22:56:23 01D54BFD6F2F09EE0D38D47D06E30287 184192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys
2015-01-05 22:56:22 F7093A27C4AF6D9EEA0ACAC1C4FF6828 206080 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys
2015-01-05 22:56:22 EE6A9E6C352C8F6E22DEBB3141F5DCAA 386816 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudqcnet.sys
2015-01-05 22:56:22 B5D5A1846972B7F93BDC6333272D750E 206080 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys
2015-01-05 22:56:22 A07F59F11B076BA50B958768438FA227 95488 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys
2015-01-05 22:56:22 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2015-01-05 22:56:22 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys
2015-01-05 22:56:22 72EF2E615BDF8A00C94E7B77AFDAED62 52480 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys
2015-01-05 22:56:22 5975B3494B9997194574BB66BEFE3286 40704 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys
2015-01-05 22:56:22 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2015-01-05 22:56:22 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys
2015-01-05 22:56:22 2BECFFD88B40EE62FE38FB3DC2277557 26368 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ss_conn_usb_driver.sys
2015-01-05 22:56:22 162A54847FB9F03418B35078DB7F552D 70400 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys
2015-01-05 22:56:22 124ACBF685E47238B0DFCFA6CB1A7810 206080 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys
2015-01-05 22:56:07 CCAAC4BBD81EAEF50535913E149959B2 16384 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\24_flashusbdriver\WIN32\FlashUsb.sys
2015-01-05 22:56:07 322761FBC5D9439EE46FA997B4F88064 19968 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\24_flashusbdriver\X64\flashusb.sys
2015-01-05 22:56:03 D44F264BA03A7EB3BC8B4DB871251948 12616 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\20_NXP_Driver\i386\ssduwhnt.sys
2015-01-05 22:56:03 AE3970CF0D14A0E3F1DB7D7B92FC499E 15944 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\20_NXP_Driver\amd64\ssduwhnt.sys
2015-01-05 22:56:03 5CB8CE3CB1BB8A205DA6311509188668 80968 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\20_NXP_Driver\i386\ssdudfu.sys
2015-01-05 22:56:03 29011AE5334C1E1A3141B7BE199858FC 101960 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\20_NXP_Driver\amd64\ssdudfu.sys
2015-01-05 22:56:02 FE9FA1AAE4D00CA73ADEF4437CD89679 17224 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadcmnt.sys
2015-01-05 22:56:02 D6CFD3B2EABCF9327DE39C62BABFA1E3 21320 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadmdfl.sys
2015-01-05 22:56:02 5EB01E6148742C3EC2185AC92F6D16FD 188232 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadmdm.sys
2015-01-05 22:56:02 52D6F40B50ECFC051979FEC68E74F0F8 169288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadbus.sys
2015-01-05 22:56:02 3CF7A4350C9646D92F147D620EC0D363 38080 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadadb.sys
2015-01-05 22:56:02 0D7B007DEA662EE90C87CB0AEA5D692A 17736 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadwhnt.sys
2015-01-05 22:56:01 FF20F67DD5644BD1D2E7FCD95AF7F03B 158024 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\amd64\ssadserd.sys
2015-01-05 22:56:01 BB6EDB0257860083193CC1581AC7D485 136904 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadbus.sys
2015-01-05 22:56:01 9EFD9F42795C9E90206C1E9A9B25E8D3 130248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadserd.sys
2015-01-05 22:56:01 88BBDA3D977429C6DAB0991EC5339A19 15304 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadwhnt.sys
2015-01-05 22:56:01 5BCB68F7B62159C07789D3F405750623 17864 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadmdfl.sys
2015-01-05 22:56:01 370168F1FD1CEF45DA470A44439426CA 15560 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadcmnt.sys
2015-01-05 22:56:01 2F8616646215EEDB28C2E40994DB8E38 32064 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadadb.sys
2015-01-05 22:56:01 1588A89F9CD9E68DE9FCC9F60FDB5C08 153672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\16_Shrewsbury\i386\ssadmdm.sys
2015-01-05 22:56:00 DBF83E9BB5BB53223A519EB79B477E10 17408 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\09_Hsp\i386\hspusb.sys
2015-01-05 22:56:00 70BF608172E040C96EFE99AF0E4B063E 74752 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\11_HSP_Plus_Default\i386\mbtusbser.sys
2015-01-05 22:56:00 26910E5CB2CDCA5E480C58C21E3B34FC 87936 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\11_HSP_Plus_Default\amd64\mbtusbser.sys
2015-01-05 22:56:00 16BD2CECA46F955C1362564D83662E58 24064 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\09_Hsp\amd64\hspusb.sys
2015-01-05 22:55:59 F9F4BC8A7EC80F39DE8323D0D1BC85FE 12288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bwhnt.sys
2015-01-05 22:55:59 EF806D212D34B0E173BAEB3564D53E37 127488 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bbus.sys
2015-01-05 22:55:59 CC98D196AFAD3580E454DDED14BDAC7A 15872 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bwhnt.sys
2015-01-05 22:55:59 B89D62206034E5FE573C80A24DD55675 14848 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bmdfl.sys
2015-01-05 22:55:59 994D2E5378CC337EC7DD73C1E04FCAA4 100224 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bserd.sys
2015-01-05 22:55:59 946684DEF391FA17A830091EA84E74FE 15360 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bcmnt.sys
2015-01-05 22:55:59 71A9DA6BEAA4CB54DFB827FB78600A5D 161280 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bmdm.sys
2015-01-05 22:55:59 677CDC98F8363ACCAAE783FDE1599C2A 128000 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bserd.sys
2015-01-05 22:55:59 3F0164FBC0BD1ADBD02DF9759181451A 98432 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bbus.sys
2015-01-05 22:55:59 2DD4E8844F8F094659DD695A80FED36E 12416 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bcmnt.sys
2015-01-05 22:55:59 1ED0FCEA586FE2A416EE15196E5631DD 123648 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\i386\ss_bmdm.sys
2015-01-05 22:55:59 08B1B34ABEBEB6AC2DEA06900C56411E 18944 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\07_Schorl\amd64\ss_bmdfl.sys
2015-01-05 22:55:58 FA03D4C16F2F7ACD43E6317767764E0C 169288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\sscebus.sys
2015-01-05 22:55:58 EB5818115562D45A66E23C85C90E9442 158024 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\ssceserd.sys
2015-01-05 22:55:58 5D00795AD1BBD618A0CF993E979E0143 17224 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\sscecmnt.sys
2015-01-05 22:55:58 50C23ED603E5DF8A7CF1D56DDEF31A15 21320 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\sscemdfl.sys
2015-01-05 22:55:58 2697A4F6BA959FDD45249C9DE1D725E8 17736 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\sscewhnt.sys
2015-01-05 22:55:58 1F48814204F6B2C03687A1675772E899 188232 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\amd64\sscemdm.sys
2015-01-05 22:55:57 F45937AB7F170570DC40F7A00F65AAF9 16768 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscecm95.sys
2015-01-05 22:55:57 D72A342711D3CB977BE9F2605EE853B5 13184 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscewh95.sys
2015-01-05 22:55:57 9428B5CA620EBB466BF82C834AD90285 10624 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscecr.sys
2015-01-05 22:55:57 82E42B6977C614CC9D036723D410A1DF 153672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscemdm.sys
2015-01-05 22:55:57 7E7493BBEE5468BB34C9E019A06F5310 15304 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscewhnt.sys
2015-01-05 22:55:57 718442270A7719652DF0BDD5A85B3B46 15560 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscecmnt.sys
2015-01-05 22:55:57 625A76BFBB915F7AE8141A4165F41E88 130376 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\ssceserd.sys
2015-01-05 22:55:57 33B11FF28DF39D086E3D80ACC0F87D90 136904 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscebus.sys
2015-01-05 22:55:57 2635EB2E07E7389977E1F87B2570E655 17864 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\04_semseyite\i386\sscemdfl.sys
2015-01-05 22:55:56 DF11D259C10C9D0DFCCBA1093C5DB1BD 169288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdbus.sys
2015-01-05 22:55:56 BF6F31B9F5A98400DFB42CDB2C6537E1 130248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdserd.sys
2015-01-05 22:55:56 96E20FE523F992F96CCA23B2437F5CC7 15304 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdwhnt.sys
2015-01-05 22:55:56 68820F9A67F0D170A6842094EBDCD924 17864 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdmdfl.sys
2015-01-05 22:55:56 6166669C3BC2624EA479A482AE663E21 17736 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdwhnt.sys
2015-01-05 22:55:56 3EF9386DC95BF2AE60D08367E5E4E785 21320 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdmdfl.sys
2015-01-05 22:55:56 187C98B48C70400C7CE5F11EC2BB9214 17224 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdcmnt.sys
2015-01-05 22:55:56 1381D76044350F327539E47B67367992 158024 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdserd.sys
2015-01-05 22:55:56 0A3B7562002C50F208FCCDEB7380B57B 153672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdmdm.sys
2015-01-05 22:55:56 00D2AA893C662A9EB9B779F6CA2B0DFB 188232 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\amd64\sscdmdm.sys
2015-01-05 22:55:55 E6CE6348A4F6E06925548F62527F0F99 136776 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdbus.sys
2015-01-05 22:55:55 8F40A62436A05A8963391DFB1D9F2876 15560 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\03_Swallowtail\i386\sscdcmnt.sys
2015-01-05 22:55:54 ED2EE4BA7169D0A68B2FBB7DCFA6D69D 12544 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_cmnt.sys
2015-01-05 22:55:54 E09E2592DB41BF4B5DDF7F80B2F296FE 12416 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_whnt.sys
2015-01-05 22:55:54 C0BA1357C63DEACF3B3CCF4B989FEF06 132608 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_mdm.sys
2015-01-05 22:55:54 BF8401AF15EB892A812C288BFF7F366D 10760 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_cr.sys
2015-01-05 22:55:54 A3B8B77B3D74D89489827C94D4E9F93F 16648 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_cm95.sys
2015-01-05 22:55:54 A2551BFA549D794B2943E8949115FEA6 15872 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\amd64\ssm_whnt.sys
2015-01-05 22:55:54 9ECE19A1A4F4896597C3BB840FBFA721 104448 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_bus.sys
2015-01-05 22:55:54 8E93A17A5253999A0E7C332F475699DC 14848 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_mdfl.sys
2015-01-05 22:55:54 8E1B485AEBF4743F05B4FB162F6ED430 136192 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\amd64\ssm_bus.sys
2015-01-05 22:55:54 5AA4563B1B5AAC10D3979CC7E9F6C6D6 15360 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\amd64\ssm_cmnt.sys
2015-01-05 22:55:54 591B6764D57EBA44094E47F48949203C 13448 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\i386\ssm_wh95.sys
2015-01-05 22:55:54 1FFCC272F19BD84596378780F5C9843D 172032 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\amd64\ssm_mdm.sys
2015-01-05 22:55:54 1DFDEE4A0E168B6362A6A0778EAFDB55 18944 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\02_Siberian\amd64\ssm_mdfl.sys
2015-01-05 22:55:53 EF40C8A268A5263A0EF48FED8E57CBED 161280 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\amd64\ss_mdm.sys
2015-01-05 22:55:53 D21FF3592DAEE244EE8376830A672B52 127488 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\amd64\ss_bus.sys
2015-01-05 22:55:53 BB8238DEB31EA703BBA558DD981405CA 3840 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_cr.sys
2015-01-05 22:55:53 B96A2A5FED060C0CF9F2A75ABF3B5CDC 15360 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\amd64\ss_cmnt.sys
2015-01-05 22:55:53 B629928BB05B91CFF8378F277603F75A 12288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_whnt.sys
2015-01-05 22:55:53 AB90FDA84DD20FAF3408A95E02ED7F53 15872 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\amd64\ss_whnt.sys
2015-01-05 22:55:53 54946449A0EB74915A4BB34F7EE51A5A 98560 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_bus.sys
2015-01-05 22:55:53 451DB3D10E6112E06B4506D4A7BECEC1 18944 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\amd64\ss_mdfl.sys
2015-01-05 22:55:53 4450BC0B2E9D7D9B90E3C3DE4EA00A78 14848 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_mdfl.sys
2015-01-05 22:55:53 30B8D0DD01EAD1243F329CAF7D7D1517 123776 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_mdm.sys
2015-01-05 22:55:53 01FAF94DE32A4D2944BD845F462EE5B8 12416 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\01_Simmental\i386\ss_cmnt.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_32C757781565BE0EFF641EE7F2A83312"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"uTorrent"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Spotify"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Google Update"="C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Facebook Update"="C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"OEM05Mon.exe"="C:\WINDOWS\OEM05Mon.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_32C757781565BE0EFF641EE7F2A83312"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"uTorrent"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Spotify"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Google Update"="C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Facebook Update"="C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"BtPreLoad"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"Bitcasa"="C:\Program Files\Bitcasa\BitcasaBoot.exe C:\Program Files\Bitcasa\Bitcasa.exe /startup"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
 
==== Startup Folders ======================
 
2014-12-21 13:52:58 1117 ----a-w- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
2014-06-01 16:27:22 1992 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\EPSON XP-410 Series Invitation {54701814-E1ED-48CB-81ED-8243FD8E4D0E}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.exe [02/28/2013 12:20 AM]
C:\WINDOWS\tasks\EPSON XP-410 Series Invitation {E27CE222-2DD4-4335-9985-9282DB33C447}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.exe [02/28/2013 12:20 AM]
C:\WINDOWS\tasks\EPSON XP-410 Series Update {54701814-E1ED-48CB-81ED-8243FD8E4D0E}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.exe [02/28/2013 12:20 AM]
C:\WINDOWS\tasks\EPSON XP-410 Series Update {E27CE222-2DD4-4335-9985-9282DB33C447}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.exe [02/28/2013 12:20 AM]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job --a-------- C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/21/2014 07:40 PM]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job --a-------- C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe [07/21/2014 07:40 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/01/2014 08:28 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/01/2014 08:28 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core.job --a-------- C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe [06/18/2014 05:48 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA.job --a-------- C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe [06/18/2014 05:48 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\AI_Updater" ["C:\Program Files (x86)\Tuneup computer\updater.exe"]
"C:\WINDOWS\SysNative\tasks\boosterpop" ["C:\Program Files (x86)\Tuneup computer\Probsalert.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\EPSON XP-410 Series Invitation {54701814-E1ED-48CB-81ED-8243FD8E4D0E}" [C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE]
"C:\WINDOWS\SysNative\tasks\EPSON XP-410 Series Invitation {E27CE222-2DD4-4335-9985-9282DB33C447}" [C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE]
"C:\WINDOWS\SysNative\tasks\EPSON XP-410 Series Update {54701814-E1ED-48CB-81ED-8243FD8E4D0E}" [C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE]
"C:\WINDOWS\SysNative\tasks\EPSON XP-410 Series Update {E27CE222-2DD4-4335-9985-9282DB33C447}" [C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core" [C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA" [C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001Core" [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2179773923-3527668487-1133873981-1001UA" [C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HDNINSTSCHD" ["C:\WINDOWS\PCBHDNW\hdnInstaller.exe"]
"C:\WINDOWS\SysNative\tasks\IEError" ["C:\Program Files (x86)\Tuneup computer\Popialert.exe"]
"C:\WINDOWS\SysNative\tasks\IE_ERR4WDR" ["C:\Program Files (x86)\Portable WeatherApp\IEError.exe"]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B397B85A-1F7C-40F7-8D95-2A93F2F0DF16}" [C:\WINDOWS\system32\msfeedssync.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [12/21/2014 09:04 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
 
Google Slides - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
SMS from Gmail™ & Facebook™ (MightyText) - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj
Google Wallet - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.silive.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.slidefinder.net_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_planetsave.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.newstogram.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.deals.ebay.com_0.localstorage deleted successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E6CE73F4-147D-422E-A41A-21F9CB7A395B} Unknown  Url="Not_Found"
 
==== Reset Google Chrome ======================
 
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2179773923-3527668487-1133873981-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E6CE73F4-147D-422E-A41A-21F9CB7A395B} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\WINDOWS\OEM05Mon.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_32C757781565BE0EFF641EE7F2A83312] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nate Clark Kayhoe\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [spotify] "C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Nate Clark Kayhoe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nate Clark Kayhoe\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator-cbfs5 - {44C5C42F-40EE-4369-AA22-BEDFF7F39B1D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {44C5C42F-40EE-4369-AA22-BEDFF7F39B1D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\IE\IIH2ZXR4 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=40 folders=13 30685719 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Nate Clark Kayhoe\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\NATECL~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Nate Clark Kayhoe\AppData\Local\Microsoft\Windows\INetCache\IE\IIH2ZXR4" not found
 
==== EOF on Thu 01/08/2015 at 16:50:36.67 ======================

Thanks for the log, let me know if there are any remaining issues or concerns... Run the following:

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double-click SecurityCheck.exe (Vista or Windows 7/8 users right-click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Thanks,

Kevin..


 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Excellent, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT; the back up will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out...

Thanks,

Kevin..


Leave Delfix for now, run the following:

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Next,

Please download Gmer from Here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Please post the content of the ark.txt here.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

**If GMER crashes** Follow the instructions here and disable your security temporarily…

Let me see those two logs....

Thank you,

Kevin...


Yes, my Panda security says it's unprotected and I can turn on antivirus so that must mean it's off.

Yes, RogueKiller worked. Here is the log:

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nate Clark Kayhoe [Administrator]
Mode : Scan -- Date : 01/09/2015  15:02:35
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 9be1bb9a6d50ced39821aa02fa1b0158
[bSP] 3a4f54336b3cc9dcfa7a06ca52036136 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_01082015_093602.log - RKreport_SCN_01092015_113708.log

Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan" completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found

Make sure those entries are Checkmarked (ticked), also ensure that all other entries are not Checkmarked.

Hit the Delete button, when complete select "Report" and post that log...

Next,

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update.

Image3.png

8. When the update completes select Next.

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan".

Image5.png

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

MBAntiRKcleanA.png

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

Image6.png

13. Verify that your system is now running normally, making sure that the following items are functional:

      Internet access
      Windows Update
      Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Thanks,

Kevin...

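The instruction above (tick only the two suspicious.Path entries, leave the PUM.DesktopIcons entries unticked) and the MBAR loaded-modules list posted in reply both turn on one property: the service's image path sits in a user-writable Temp directory. The Python triage helper below is an added example, not code from RogueKiller, Malwarebytes or the forum; it parses both log formats (the regex covers only the line shapes seen in this thread) and applies that rule to sample lines copied from the logs here.

```python
"""Triage the RogueKiller and MBAR output posted in this thread.

Added example; not code from RogueKiller, Malwarebytes or the forum helper.
Parses RogueKiller "Registry" detection lines and MBAR "Loaded modules" paths
and flags every service or kernel module whose image lives in a user-writable
Temp directory: the property that separates the uxtcqfow entries (delete)
from the PUM.DesktopIcons entries (leave alone).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One RogueKiller registry detection. The two line shapes seen in this thread:
#   [suspicious.Path] (X64) HKLM\...\Services\uxtcqfow (\??\C:\...\Temp\uxtcqfow.sys) -> Found
#   [PUM.DesktopIcons] (X86) HKLM\...\NewStartPanel | {GUID} : 1  -> Not selected
RK_LINE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>\S+)"
    r"(?:\s+\((?P<path>[^)]*)\))?"                      # (image path): service entries
    r"(?:\s+\|\s+(?P<value>\S+)\s+:\s+(?P<data>\S+))?"  # | value : data: plain values
    r"\s+->\s+(?P<status>.+?)\s*$"
)

# Directories an unprivileged user can write to. A driver or service binary
# registered from one of these is the classic dropper pattern.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\local\\temp\\|\\windows\\temp\\", re.IGNORECASE
)


@dataclass
class Detection:
    category: str
    arch: str
    key: str
    status: str
    path: Optional[str] = None   # only present for service entries
    value: Optional[str] = None  # only present for "key | value : data" entries
    data: Optional[str] = None


def normalize_path(path: str) -> str:
    """Drop the NT object-manager prefix \\??\\ so both path forms compare alike."""
    return path[4:] if path.startswith("\\??\\") else path


def in_user_writable_dir(path: str) -> bool:
    return USER_WRITABLE.search(normalize_path(path)) is not None


def parse_roguekiller(text: str) -> List[Detection]:
    """Return every registry detection line in a RogueKiller report, in order."""
    found = []
    for line in text.splitlines():
        m = RK_LINE.match(line.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found


def should_select(det: Detection) -> bool:
    """The helper's rule: tick only entries whose image path is in a Temp
    directory; PUM entries (desktop-icon visibility here) stay unticked."""
    return det.path is not None and in_user_writable_dir(det.path)


def flag_loaded_modules(text: str) -> List[str]:
    """Return MBAR 'Loaded modules' paths that were loaded out of a Temp directory."""
    return [
        normalize_path(line.strip())
        for line in text.splitlines()
        if line.strip().startswith("\\") and in_user_writable_dir(line.strip())
    ]


def triage(rk_text: str, mbar_text: str) -> dict:
    dets = parse_roguekiller(rk_text)
    return {
        "select": [d.key for d in dets if should_select(d)],
        "leave": [d.key for d in dets if not should_select(d)],
        "temp_modules": flag_loaded_modules(mbar_text),
    }


# Sample input copied from the RogueKiller scan and MBAR kernel report in this thread.
SAMPLE_RK = r"""
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uxtcqfow (\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
"""

SAMPLE_MBAR = r"""
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\System32\drivers\disk.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys
----------- End -----------
"""

if __name__ == "__main__":
    for k, v in triage(SAMPLE_RK, SAMPLE_MBAR).items():
        print(k, v)
```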

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Nate Clark Kayhoe [Administrator]
Mode : Delete -- Date : 01/09/2015  16:37:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uxtcqfow -> Deleted
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uxtcqfow -> Deleted
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 9be1bb9a6d50ced39821aa02fa1b0158
[bSP] 3a4f54336b3cc9dcfa7a06ca52036136 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01082015_093602.log - RKreport_SCN_01092015_113708.log - RKreport_SCN_01092015_150235.log - RKreport_SCN_01092015_163604.log


MBAR:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17498

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 12833763328, free: 7537893376

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17498

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 12833763328, free: 7762419712

Downloaded database version: v2015.01.09.16
Downloaded database version: v2015.01.07.01
Downloaded database version: v2014.12.06.01
=======================================
------------ Kernel report ------------
     01/09/2015 16:40:46

------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\psinknc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTlsc.sys
\SystemRoot\system32\DRIVERS\NNSStrm.sys
\SystemRoot\system32\DRIVERS\NNSSmtp.sys
\SystemRoot\system32\DRIVERS\NNSPrv.sys
\SystemRoot\system32\DRIVERS\NNSProt.sys
\SystemRoot\system32\DRIVERS\NNSPop3.sys
\SystemRoot\system32\DRIVERS\NNSPihsw.sys
\SystemRoot\system32\DRIVERS\NNSPicc.sys
\SystemRoot\system32\DRIVERS\NNSIds.sys
\SystemRoot\system32\DRIVERS\NNSHttps.sys
\SystemRoot\system32\DRIVERS\NNSHttp.sys
\SystemRoot\system32\DRIVERS\NNSAlpc.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\??\C:\WINDOWS\system32\drivers\cbfs5.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\drivers\umpass.sys
\SystemRoot\system32\DRIVERS\OEM05Vid.sys
\SystemRoot\system32\DRIVERS\OEM05Vfx.sys
\SystemRoot\system32\drivers\usbaudio.sys
\??\C:\WINDOWS\system32\Drivers\OEM05Afx.sys
\??\C:\Users\NATECL~1\AppData\Local\Temp\uxtcqfow.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------

Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe0009d7e9350
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002d\
Lower Device Object: 0xffffe0009b3da7f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0009d7e9350, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0009d7e8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0009d7e9350, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0009b3da520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0009be823a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0009b3da7f0, DeviceName: \Device\0000002d\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...


File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 6405E17D

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 919744035

    GPT Header CurrentLba = 1 BackupLba 1953525167

    GPT Header FirstUsableLba 34  LastUsableLba 1953525134

    GPT Header Guid 6873f80c-49c6-4cd8-991c-5f6f6381bdfe

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 919744035

    Backup GPT header CurrentLba = 1953525167 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134

    Backup GPT header Guid 6873f80c-49c6-4cd8-991c-5f6f6381bdfe

    Backup GPT header Contains 128 partition entries starting at LBA 1953525135

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID 6861de9e-fc72-4d80-b028-b4642157f21

    FirstLBA 2048  Last LBA 1026047

    Attributes 0

    Partition Name                 EFI system partition

 

    GPT Partition 0 is bootable

    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965

    Partition ID cc9726e5-e9df-41ed-bc8b-8de20c653d

    FirstLBA 1026048  Last LBA 1107967

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID a92dc58c-74c8-403d-962f-267de1d51d8a

    FirstLBA 1107968  Last LBA 1370111

    Attributes 0

    Partition Name         Microsoft reserved partition

 

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 80b2a608-4111-4df8-9d33-cee4b844f66

    FirstLBA 1370112  Last LBA 2373631

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID a420d52a-72a5-491d-a4ff-1c0b1de85f5

    FirstLBA 2373632  Last LBA 1926103039

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 484a017-946a-4468-b41b-d7ea71d8e950

    FirstLBA 1926103040  Last LBA 1927024639

    Attributes 1

    Partition Name                                     

 

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 97edf6eb-65ec-4852-a78f-3e5653876aee

    FirstLBA 1927024640  Last LBA 1953523119

    Attributes 1

    Partition Name         Microsoft recovery partition

 

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished

 


Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

 

Database version: v2015.01.09.16

 

Windows 8.1 x64 NTFS

Internet Explorer 11.0.9600.17498

Nate Clark Kayhoe :: YAWHOOBEAST [administrator]

 

1/9/2015 4:40:54 PM

mbar-log-2015-01-09 (16-40-54).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 460070

Time elapsed: 12 minute(s), 7 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 


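Added example, not part of either post in this thread and not Malwarebytes' own code. The "Scanning MBR on drive 0" section of the system log above records what an anti-rootkit MBR pass looks at on a GPT disk: the protective MBR (one inactive 0xEE entry starting at LBA 1, boot signature 55AA), the primary header at LBA 1 and its backup at the last sector (both with signature 4546492050415254, which is "EFI PART" in ASCII, revision 65536 = 0x00010000, size 92, 128 entries of 128 bytes), and the partition entries. The script below builds an in-memory disk from the values printed in that log and runs the checks such a scan performs: boot signature, protective-MBR shape, GPT signature, header CRC32 computed with the CRC field zeroed, backup header mirroring the primary, entry-array CRC, and overlap/usable-range checks on the entries. Assumptions: the type GUIDs are the well-known ones in their standard zero-padded form (the log strips leading zeros, so `c12a7328-f81f-11d2-ba4b-0a0c93ec93b` is the EFI system partition type `c12a7328-f81f-11d2-ba4b-00a0c93ec93b`); the unique partition IDs are constructed, since the stripped zeros make several of them unrecoverable; and the CRC values are recomputed here rather than the log's 919744035, because the entry array itself is not on the page. All function and constant names are this example's own.

```python
"""Verify a GPT layout the way an anti-rootkit MBR scan does. Added example: not code from
the original post or from Malwarebytes. The in-memory disk is CONSTRUCTED from the MBAR log
above (disk signature, LBAs, disk GUID, type GUIDs zero-padded because the log strips leading
zeros); partition IDs are made up and CRCs recomputed, as the entry array is not on the page."""
import struct
import uuid
import zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"      # 92-byte GPT header
ENTRY_FMT = "<16s16sQQQ72s"          # 128-byte partition entry
KNOWN_TYPES = {                      # well-known type GUIDs, named as MBAR prints them
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI system partition",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft reserved partition",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Basic data partition",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Microsoft recovery partition",
}
_crc = lambda b: zlib.crc32(b) & 0xFFFFFFFF
_guid = lambda raw: str(uuid.UUID(bytes_le=raw))     # on-disk GUIDs are mixed-endian
_raw = lambda text: uuid.UUID(text).bytes_le

def write_sectors(disk, lba, data):   # disk: sparse {lba: 512-byte sector} dict standing in for a drive
    for i in range(0, len(data), SECTOR):
        disk[lba + i // SECTOR] = data[i:i + SECTOR].ljust(SECTOR, b"\0")

def read_sectors(disk, lba, count=1):
    return b"".join(disk.get(lba + i, b"\0" * SECTOR) for i in range(count))

def build_gpt_header(cur, bak, first, last, disk_guid, ent_lba, ent_n, ent_sz, ent_crc):
    """The header CRC32 is computed over the header with its own CRC field zeroed."""
    h = struct.pack(HDR_FMT, b"EFI PART", 0x00010000, 92, 0, 0, cur, bak, first, last,
                    _raw(disk_guid), ent_lba, ent_n, ent_sz, ent_crc)
    return h[:16] + struct.pack("<I", _crc(h)) + h[20:]

def build_protective_mbr(disk_sig, numsec):
    mbr = bytearray(SECTOR)
    mbr[440:444] = struct.pack("<I", disk_sig)
    mbr[446:462] = struct.pack("<B3sB3sII", 0, b"\0\2\0", 0xEE, b"\xff" * 3, 1, numsec)  # inactive 0xEE at LBA 1
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_gpt_header(sec):
    f = struct.unpack_from(HDR_FMT, sec)
    if f[0] != b"EFI PART":
        raise ValueError("GPT signature missing (header overwritten or hidden)")
    ok = 92 <= f[2] <= SECTOR and _crc(sec[:16] + b"\0\0\0\0" + sec[20:f[2]]) == f[3]
    return {"revision": f[1], "size": f[2], "crc_ok": ok, "current_lba": f[5], "backup_lba": f[6],
            "first_usable": f[7], "last_usable": f[8], "guid": _guid(f[9]), "entries_lba": f[10],
            "entry_count": f[11], "entry_size": f[12], "entries_crc": f[13]}

def parse_entries(blob, count, size):
    parts = []
    for i in range(count):
        t, u, first, last, attrs, name = struct.unpack_from(ENTRY_FMT, blob, i * size)
        if t != b"\0" * 16:                         # all-zero type GUID marks an unused slot
            parts.append({"index": i, "type": _guid(t), "type_name": KNOWN_TYPES.get(_guid(t), "unknown"),
                          "id": _guid(u), "first_lba": first, "last_lba": last, "attributes": attrs,
                          "name": name.decode("utf-16-le").rstrip("\0")})
    return parts

def check_disk(disk):
    """Return (findings, partitions) after the checks an MBR/GPT rootkit scan performs."""
    findings, mbr = [], read_sectors(disk, 0)
    ents = [struct.unpack_from("<B3sB3sII", mbr, 446 + 16 * i) for i in range(4)]
    if mbr[510:512] != b"\x55\xaa" or (ents[0][2], ents[0][4]) != (0xEE, 1) or any(e[2] for e in ents[1:]):
        findings.append("protective MBR is not a lone 0xEE entry at LBA 1 (hybrid MBR or hidden volume?)")
    pri = parse_gpt_header(read_sectors(disk, 1))
    bak = parse_gpt_header(read_sectors(disk, pri["backup_lba"]))
    findings += [f"{l} GPT header CRC mismatch (tampered or corrupt)"
                 for l, h in (("primary", pri), ("backup", bak)) if not h["crc_ok"]]
    if (bak["current_lba"], bak["backup_lba"], bak["entries_crc"]) != (pri["backup_lba"], 1, pri["entries_crc"]):
        findings.append("backup GPT header does not mirror the primary")
    n = pri["entry_count"] * pri["entry_size"]
    blob = read_sectors(disk, pri["entries_lba"], -(-n // SECTOR))[:n]
    if _crc(blob) != pri["entries_crc"]:
        findings.append("partition entry array CRC mismatch")
    parts, end = parse_entries(blob, pri["entry_count"], pri["entry_size"]), pri["first_usable"] - 1
    for p in sorted(parts, key=lambda p: p["first_lba"]):   # no overlap, nothing outside the usable range
        if p["first_lba"] <= end or p["last_lba"] > pri["last_usable"]:
            findings.append(f"partition {p['index']} overlaps a neighbour or exceeds the usable range")
        end = max(end, p["last_lba"])
    return findings, parts

_pid = lambda i: str(uuid.uuid5(uuid.NAMESPACE_OID, f"sample-partition-{i}"))   # constructed IDs
SAMPLE_PARTITIONS = [   # (type GUID, id, first LBA, last LBA, attributes, name) as listed in the log
    ("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", _pid(0), 2048, 1026047, 0, "EFI system partition"),
    ("796badd3-6bbf-4d9f-b631-466eb71a4965", _pid(1), 1026048, 1107967, 1, "Basic data partition"),
    ("e3c9e316-0b5c-4db8-817d-f92df00215ae", _pid(2), 1107968, 1370111, 0, "Microsoft reserved partition"),
    ("de94bba4-06d1-4d40-a16a-bfd50179d6ac", _pid(3), 1370112, 2373631, 1, "Basic data partition"),
    ("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", _pid(4), 2373632, 1926103039, 0, "Basic data partition"),
    ("de94bba4-06d1-4d40-a16a-bfd50179d6ac", _pid(5), 1926103040, 1927024639, 1, ""),
    ("de94bba4-06d1-4d40-a16a-bfd50179d6ac", _pid(6), 1927024640, 1953523119, 1, "Microsoft recovery partition"),
]

def build_sample_disk():
    total = 1000204886016 // SECTOR                          # 1953525168 sectors, as in the log
    entries = b"".join(struct.pack(ENTRY_FMT, _raw(t), _raw(u), a, b, f, n.encode("utf-16-le"))
                       for t, u, a, b, f, n in SAMPLE_PARTITIONS).ljust(128 * 128, b"\0")
    guid, ecrc, disk = "6873f80c-49c6-4cd8-991c-5f6f6381bdfe", _crc(entries), {}
    write_sectors(disk, 0, build_protective_mbr(0x6405E17D, 0xFFFFFFFF))
    write_sectors(disk, 1, build_gpt_header(1, total - 1, 34, total - 34, guid, 2, 128, 128, ecrc))
    write_sectors(disk, 2, entries)                          # LBA 2..33; mirror sits just below the backup header
    write_sectors(disk, total - 33, entries)
    write_sectors(disk, total - 1, build_gpt_header(total - 1, 1, 34, total - 34, guid, total - 33, 128, 128, ecrc))
    return disk
```

`check_disk(build_sample_disk())` returns no findings for the layout in the log; partition 1 comes back with `type_name` "unknown" only because its GUID is not in the short well-known list, which on its own is not a detection (OEM tool partitions commonly use private type GUIDs). Flipping a single byte in sector 1 makes the primary header CRC check fail, which is the kind of tampering the scan is looking for. To run this against a real drive you would open `\\.\PhysicalDrive0` as administrator and feed its sectors through the same functions; reads that pass through a compromised OS storage stack can be filtered by an active bootkit, which is why the scan options listed in the log include the MBR and physical sectors as separate items.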

Please read carefully and follow these steps.


Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Double-click on tdsskiller.exe to run the application.

The "Ready to scan" window will open. Click on "Change parameters".

Place a checkmark next to "Verify Driver Digital Signature" and "Detect TDLFS file system" (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan".

If an infected file is detected, the default action will be Cure; click on Continue.

If a suspicious file is detected, the default action will be Skip; click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

