
I need Help removing Backdoor Win32/Fynloski.A



Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Download DDS from one of the links below and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool. On Vista, Win 7 or Win 8, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs: DDS.txt and Attach.txt

Save both reports to your desktop

Please Copy & Paste the contents of the following logs in your next reply

You can ignore the note about zipping the Attach.txt file

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16521
IMSEOLab :: IMSEOLAB-PC [administrator]

Protection: Enabled

4/25/2014 9:15:43 AM
mbam-log-2014-04-25 (09-15-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313246
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\runonce|5raxzje9a8 (Trojan.Agent.AIVB) -> Data: C:\Users\IMSEOLab\5raxzje9a8\26202.vbs -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/26/2014 12:03:42 AM
System Uptime: 4/25/2014 1:20:03 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3676
Processor: Celeron® Dual-Core CPU       T3500  @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 13.78 GiB free.
E: is FIXED (NTFS) - 111 GiB total, 10.643 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 18.916 GiB free.
G: is CDROM ()
I: is Removable
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP138: 4/25/2014 10:26:35 AM - Removed Camtasia Studio 8
RP139: 4/25/2014 11:05:48 AM - Removed FiverrBot
RP140: 4/25/2014 11:07:50 AM - Removed PrPowershot
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 12 ActiveX & Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player + Authorware Web Player
Advanced SystemCare Ultimate 7
AOMEI Backupper
Apple Application Support
Apple Software Update
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
Ava Find Pro
avast! Internet Security
Bluetooth Win7 Suite
Box Sync
Business Plan Pro 15th Anniversary Edition
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClickBankGoldminer
ClickingAgent
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Wireless WLAN Card
Driver Booster
DriverPack Solution Updater
ERUNT 1.1j
Fences 2
FlipBook Maker Pro 3.6.1
Friend Bomber
Google Chrome
Google Drive
Google Update Helper
GSA Captcha Breaker v2.47
GSA Search Engine Ranker v7.85
iCare Data Recovery enterprise license 5.1
IM-Magic Partition Resizer Professional 2013
Income Jacker
InstantArticleWizard
Intel® Graphics Media Accelerator Driver
Intel® Processor ID Utility
Internet Download Manager
Internet Everywhere
IObit Uninstaller
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Java 6 Update 45
K-Lite Codec Pack 8.4.0 (Full)
KeywordSnatcher
KMSpico 4.1
Lagarith Lossless Codec (1.3.27)
LastPass (uninstall only)
Logos 4 Prerequisites
Logos Bible Software 4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Word MUI (English) 2013
Mobile Partner
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Outils de vérification linguistique 2013 de Microsoft Office - Français
Proxifier version 3.21
Quicken 2014
QuickTime 7
QuickVerse 2010
Realtek High Definition Audio Driver
SAM CoDeC Pack
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
SEO PowerSuite
Share YouTube Videos version 1
SpeedCommander 15
Surfing Protection
TeraCopy 2.3 beta 2
Time Stopper
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TumblingJazz version 1.131
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
USB Disk Security
Ut Video Codec Suite
VirtualCloneDrive
VLC media player 1.1.5
VMware Workstation
Windows 7 Manager
Windows 7 USB/DVD Download Tool
WinRAR 5.01 (32-bit)
WordWeb Pro
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
4/25/2014 11:21:03 AM, Error: Service Control Manager [7043]  - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control.
4/25/2014 10:56:37 AM, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
4/25/2014 10:55:44 AM, Error: Service Control Manager [7034]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).
4/25/2014 1:43:26 PM, Error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/25/2014 1:43:15 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\IMSEOLab\ntuser.dat'.
4/25/2014 1:43:14 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
4/25/2014 1:43:14 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
4/25/2014 1:20:23 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/24/2014 6:13:43 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR4.
4/24/2014 11:47:47 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
4/24/2014 11:35:58 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/24/2014 11:15:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:37:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.438.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/24/2014 10:37:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2014 10:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/24/2014 10:08:28 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm BIOS discache ElbyCDIO MpFilter spldr Wanarpv6
4/24/2014 10:08:26 PM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/24/2014 10:08:26 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2014 7:28:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 6:25:11 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/23/2014 11:38:23 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/23/2014 11:32:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/23/2014 11:24:25 AM, Error: Service Control Manager [7022]  - The VMware USB Arbitration Service service hung on starting.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7000]  - The VMware Authorization Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2014 1:57:34 AM, Error: Service Control Manager [7000]  - The TuneUp Theme Extension service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
4/23/2014 1:39:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 1:09:30 PM, Error: Service Control Manager [7034]  - The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).
4/21/2014 3:23:07 PM, Error: Schannel [36887]  - The following fatal alert was received: 40.
4/20/2014 8:57:08 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/20/2014 8:56:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
4/20/2014 8:56:08 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2014 3:56:53 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR7.
4/19/2014 3:23:08 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR6.
4/19/2014 10:23:27 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.171.148.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10501.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/18/2014 4:43:44 AM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7000]  - The VMware USB Arbitration Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:16 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect.
.
==== End Of File ===========================
 


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by IMSEOLab at 13:41:56 on 2014-04-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2974.1468 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
F:\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
F:\USB Disk Security\USBGuard.exe
F:\USB Disk Security\USBGuard.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Atheros\AWiCMgr.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Proxifier\Proxifier.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
F:\AvaFind Pro\AvaFind.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\WUDFHost.exe
F:\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Adobe Acrobat Registration Service] c:\users\imseolab\appdata\roaming\local\adobe\armhvc.exe
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Proxifier] "f:\proxifier\proxifier.exe" aut
uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate 7\ASCTray.exe" /Auto
uRunOnce: [5raxzje9a8] c:\users\imseolab\5raxzje9a8\26202.vbs
mRun: [uSB Security] f:\usb disk security\USBGuard.exe
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Fences] "f:\fences\Fences.exe" /startup
mRun: [AWiC] "c:\program files\atheros\AWiCMgr.exe" -nogui
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vmware-tray.exe] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\fences.lnk - f:\fences\Fences.exe
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\imseolab\5raxzje9a8\26202.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avafin~1.lnk - f:\avafind pro\AvaFind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\interneteverywhere\InternetEverywhere_Launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:1
mPolicies-System: SynchronousUserGroupPolicy = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.



TCP: Interfaces\{6AB15721-CAB7-4D92-BB73-82E21DC8D72F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70BB6D26-DA5B-4AEA-A2A3-9D03D46BF2C6} : DHCPNameServer = 192.168.201.1
TCP: Interfaces\{B9B973A7-4108-42CC-B107-D28B935E1E61} : NameServer = 8.8.8.8 41.191.76.70
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - c:\program files\quickverse 2010\qvprotwrapper.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - f:\fences\FencesMenu.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: backupper.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: driverbooster.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: unins000.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\imseolab\appdata\roaming\mozilla\firefox\profiles\3mgtqajz.default-1396465441559\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\authorwa\np32asw.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2014-4-17 26424]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 178304]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-4-13 61464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-4-17 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-4-17 259928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-17 403440]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696]
R1 MpKsl20b00854;MpKsl20b00854;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys [2014-4-25 39464]
R1 MpKsld9840670;MpKsld9840670;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsld9840670.sys [2014-4-25 39464]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare ultimate 7\ASCService.exe [2014-3-15 886592]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2014-2-26 87968]
R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2014-4-17 129720]
R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2014-4-17 14392]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\iobit\advanced systemcare ultimate 7\ASCAvSvc.exe [2014-3-15 647488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2014-4-17 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-17 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-17 116776]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-21 108000]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\interneteverywhere\InternetEverywhere_Service.exe [2014-3-5 342984]
R2 MBAMScheduler;MBAMScheduler;f:\malwarebytes' anti-malware\mbamscheduler.exe [2014-4-22 418376]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2014-4-22 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2014-3-16 251096]
R2 Service KMSELDI;Service KMSELDI;c:\program files\kmspico\Service_KMS.exe [2014-2-26 37888]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-11-1 13234176]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-9 24736]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2014-3-5 100224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-22 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-16 683736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-26 2153792]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-9 34976]
S3 AWiCSrvc;AWiCSrvc;c:\program files\atheros\AWiCSrvc.exe [2014-2-27 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-3-10 27672]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-9 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-9 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-9 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-9 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-5-9 243872]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-25 108032]
S3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2013-2-25 18136]
S3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:\windows\system32\drivers\orange_zte_cdc_acm.sys [2014-4-16 66432]
S3 orange_zte_cpo;ZTE Orange Install;c:\windows\system32\drivers\orange_zte_cpo.sys [2014-4-16 9984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-2-26 251496]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-2-26 1343400]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-9 146592]
S4 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-9 76960]
S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\aomei backupper\ABService.exe [2014-4-17 29912]
.
=============== Created Last 30 ================
.
2014-04-25 10:20:47    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys
2014-04-25 08:19:29    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsld9840670.sys
2014-04-25 08:16:59    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-25 05:50:06    361984    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-25 05:50:06    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-25 05:34:54    514560    ----a-w-    c:\windows\system32\qdvd.dll
2014-04-24 20:31:20    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\mpengine.dll
2014-04-24 19:18:49    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-04-24 09:50:03    --------    d-----w-    c:\users\imseolab\appdata\local\AccountsDominator
2014-04-24 08:33:00    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-04-24 08:11:45    --------    d-----w-    c:\programdata\HitmanPro
2014-04-24 07:35:42    --------    d-----w-    C:\Ark
2014-04-23 20:37:34    --------    d-----w-    c:\users\imseolab\appdata\roaming\Affilorama
2014-04-23 17:26:01    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-22 22:57:36    25400    ----a-w-    c:\windows\system32\authuitu.dll
2014-04-22 22:57:31    36152    ----a-w-    c:\windows\system32\uxtuneup.dll
2014-04-22 22:57:15    --------    d-----w-    c:\users\imseolab\appdata\local\TuneUp Software
2014-04-22 22:49:17    36664    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-04-22 22:48:49    --------    d-----w-    c:\users\imseolab\appdata\roaming\TuneUp Software
2014-04-22 22:48:06    --------    d-----w-    c:\program files\TuneUp Utilities 2014
2014-04-22 22:46:08    --------    d-----w-    c:\programdata\TuneUp Software
2014-04-22 22:45:57    --------    d-sh--w-    c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-22 22:45:57    --------    d--h--w-    c:\programdata\Common Files
2014-04-22 22:24:20    --------    d-----w-    c:\users\imseolab\appdata\roaming\TweetAdder3
2014-04-22 17:17:37    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-21 21:03:54    --------    d-----w-    C:\Hman's Login
2014-04-21 16:52:55    6163104    ----a-w-    c:\windows\system32\Flash.ocx
2014-04-21 01:47:59    86016    ----a-w-    c:\windows\unvise32.exe
2014-04-21 00:07:58    --------    d-----w-    c:\users\imseolab\appdata\roaming\FB2
2014-04-20 23:20:07    --------    d-----w-    c:\users\imseolab\appdata\roaming\com.jayvenka.qilio
2014-04-20 00:56:46    --------    d-----w-    c:\users\imseolab\appdata\local\AccountStreamYahoo
2014-04-19 14:54:12    --------    d-----w-    c:\users\imseolab\appdata\roaming\GSA Captcha Breaker
2014-04-19 14:40:12    --------    d-----w-    c:\users\imseolab\appdata\roaming\Proxifier
2014-04-19 14:39:25    91240    ----a-w-    c:\windows\system32\ProxifierShellExt.dll
2014-04-19 14:39:25    70248    ----a-w-    c:\windows\system32\PrxerDrv.dll
2014-04-19 14:39:25    56424    ----a-w-    c:\windows\system32\PrxerNsp.dll
2014-04-19 14:39:25    11264    ----a-w-    c:\windows\system32\SPORDER.DLL
2014-04-19 14:36:22    --------    d-----w-    c:\users\imseolab\appdata\roaming\GSA Search Engine Ranker
2014-04-19 11:51:20    --------    d-----w-    c:\users\imseolab\appdata\roaming\BoostFanPageTraffic
2014-04-19 08:48:50    765968    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{adc7bf4b-cd44-4cac-9db3-3476a994dadf}\gapaengine.dll
2014-04-19 08:24:22    6858064    ----a-r-    c:\users\imseolab\appdata\roaming\microsoft\installer\{4b523cfd-2b57-403a-973f-920422a0d7f2}\Logos4.exe
2014-04-19 08:20:30    --------    d-----w-    c:\users\imseolab\appdata\local\Logos4
2014-04-19 08:19:48    --------    d-----w-    c:\program files\Link-AssistantCom
2014-04-19 08:18:49    --------    d-----w-    c:\program files\Time Stopper
2014-04-19 08:15:05    --------    d-----w-    c:\users\imseolab\appdata\local\TempDIR
2014-04-17 23:51:18    --------    d-----w-    c:\users\imseolab\appdata\roaming\SubRepo
2014-04-17 21:13:22    --------    d-----w-    c:\users\imseolab\appdata\roaming\PrPowershot
2014-04-17 15:46:00    --------    d-----w-    c:\users\imseolab\appdata\local\BlackHatToolz.com
2014-04-17 15:18:24    --------    d-----w-    c:\programdata\AomeiBR
2014-04-17 13:42:55    26424    ----a-w-    c:\windows\system32\ambakdrv.sys
2014-04-17 13:42:55    14392    ----a-w-    c:\windows\system32\amwrtdrv.sys
2014-04-17 13:42:55    129720    ----a-w-    c:\windows\system32\ammntdrv.sys
2014-04-17 13:42:47    --------    d-----w-    c:\program files\AOMEI Backupper
2014-04-17 13:41:27    86016    ----a-w-    c:\windows\system32\atl70.dll
2014-04-17 13:41:27    1355776    ----a-w-    c:\windows\system32\msvbvm50.dll
2014-04-17 13:40:31    --------    d-----w-    c:\windows\system32\Adobe
2014-04-17 13:38:49    --------    d-----w-    c:\program files\SAM CoDeC Pack
2014-04-17 10:36:23    860928    ----a-w-    c:\windows\system32\drivers\mod7700.sys
2014-04-17 10:36:22    23424    ----a-w-    c:\windows\system32\drivers\ewdcsc.sys
2014-04-17 10:36:22    116736    ----a-w-    c:\windows\system32\drivers\ewusbnet.sys
2014-04-17 10:36:22    106880    ----a-w-    c:\windows\system32\drivers\ewusbmdm.sys
2014-04-17 10:24:01    --------    d-----w-    c:\users\imseolab\appdata\roaming\AVAST Software
2014-04-17 10:22:33    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-04-17 10:22:33    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-17 10:22:32    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-04-17 10:22:31    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-04-17 10:22:27    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-04-17 10:22:24    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-04-17 10:22:15    43152    ----a-w-    c:\windows\avastSS.scr
2014-04-17 10:22:06    259928    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2014-04-17 10:21:46    --------    d-----w-    c:\program files\AVAST Software
2014-04-17 10:21:35    403440    ----a-w-    c:\windows\system32\drivers\xumwvxrt.sys
2014-04-17 10:21:12    --------    d-----w-    c:\programdata\AVAST Software
2014-04-17 09:04:25    1112288    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2014-04-17 09:04:25    1112288    ----a-w-    c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-04-17 09:04:23    82816    ----a-w-    c:\windows\system32\drivers\ew_jucdcacm.sys
2014-04-17 09:04:23    51456    ----a-w-    c:\windows\system32\drivers\ew_jucdcecm.sys
2014-04-17 09:04:23    26496    ----a-w-    c:\windows\system32\drivers\ew_juextctrl.sys
2014-04-17 09:04:23    11136    ----a-w-    c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-04-17 09:04:22    72576    ----a-w-    c:\windows\system32\drivers\ew_jubusenum.sys
2014-04-17 09:04:22    102784    ----a-w-    c:\windows\system32\drivers\ew_hwusbdev.sys
2014-04-17 06:48:54    --------    d-----w-    c:\program files\SupportAppCB
2014-04-16 14:17:40    9984    ----a-w-    c:\windows\system32\drivers\orange_zte_cpo.sys
2014-04-16 14:17:40    66432    ----a-w-    c:\windows\system32\drivers\orange_zte_cdc_acm.sys
2014-04-16 14:17:40    1461992    ----a-w-    c:\windows\system32\drivers\wdfcoinstaller01009.dll
2014-04-16 14:17:40    13312    ----a-w-    c:\windows\system32\orange_zte_CPOCoinstaller.dll
2014-04-16 14:17:40    13312    ----a-w-    c:\windows\system32\drivers\orange_zte_CPOCoinstaller.dll
2014-04-15 07:16:37    --------    d-----w-    c:\users\imseolab\appdata\roaming\Atomic Alarm Clock 6
2014-04-12 22:08:13    --------    d-----w-    c:\users\imseolab\appdata\roaming\IDM
2014-04-12 21:43:04    119808    ----a-r-    c:\users\imseolab\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2014-04-12 21:25:18    --------    d-----w-    c:\users\imseolab\appdata\local\VMware
2014-04-12 21:22:22    63128    ----a-w-    c:\windows\system32\vsocklib.dll
2014-04-12 21:22:21    61464    ----a-w-    c:\windows\system32\drivers\vsock.sys
2014-04-12 21:21:34    357016    ----a-w-    c:\windows\system32\vmnetdhcp.exe
2014-04-12 21:21:30    435864    ----a-w-    c:\windows\system32\vmnat.exe
2014-04-12 21:21:29    25752    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
2014-04-12 21:21:22    779928    ----a-w-    c:\windows\system32\vnetlib.dll
2014-04-12 21:21:16    41496    ----a-w-    c:\windows\system32\drivers\hcmon.sys
2014-04-12 21:19:23    --------    d-----w-    c:\program files\VMware
2014-04-12 21:19:23    --------    d-----w-    c:\program files\common files\VMware
2014-04-12 17:00:48    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-04-12 17:00:48    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-12 17:00:48    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-04-12 17:00:48    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-04-12 17:00:39    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-12 07:47:55    --------    d-----w-    c:\program files\Intel Corporation
2014-04-07 22:25:16    --------    d-----w-    c:\users\imseolab\appdata\local\Business Plan Pro Samples
2014-04-07 22:21:19    --------    d-----w-    c:\users\imseolab\appdata\local\Palo_Alto_Software
2014-04-07 22:21:18    --------    d-----w-    c:\users\imseolab\appdata\roaming\bppenu11
2014-04-07 18:02:11    --------    d-----w-    c:\users\imseolab\appdata\local\Geckofx
2014-04-07 18:02:01    --------    d-----w-    c:\users\imseolab\appdata\roaming\Clyde Software Unlimited
2014-04-07 17:46:50    --------    d-----w-    c:\programdata\KeywordOrganizer
2014-04-07 06:03:16    --------    d-----w-    c:\users\imseolab\appdata\local\KeywordOrganizer
2014-04-06 20:30:26    --------    d-----w-    c:\windows\system32\Hotspot Shield
2014-04-06 09:54:22    --------    d-----w-    c:\users\imseolab\appdata\local\Evergreen_Internet_Market
2014-04-05 21:12:43    --------    d-----w-    c:\users\imseolab\appdata\roaming\EndNote
2014-04-05 20:52:59    --------    d-----w-    c:\program files\common files\Risxtd
2014-04-05 20:52:49    --------    d-----w-    c:\program files\common files\ResearchSoft
2014-04-05 20:51:47    --------    d-----w-    c:\program files\EndNote X3
2014-04-05 20:51:13    --------    d-----w-    c:\programdata\Thomson.ResearchSoft.Installers
2014-04-05 20:48:31    --------    d-----w-    c:\windows\86B3F2D6AC2B4E888AE1F2F77F781B0C.TMP
2014-04-05 20:48:22    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2014-04-05 14:07:18    50688    ----a-w-    c:\windows\system32\admwprox.dll
2014-04-05 14:07:18    154624    ----a-w-    c:\windows\system32\iisRtl.dll
2014-04-05 14:07:17    8192    ----a-w-    c:\windows\system32\iisrstap.dll
2014-04-05 14:07:17    26624    ----a-w-    c:\windows\system32\ahadmin.dll
2014-04-05 14:07:17    15360    ----a-w-    c:\windows\system32\iisreset.exe
2014-04-05 14:07:17    10752    ----a-w-    c:\windows\system32\wamregps.dll
2014-04-05 12:34:33    --------    d-----w-    c:\users\imseolab\appdata\roaming\IBP
2014-04-05 12:18:22    --------    d-----w-    c:\users\imseolab\appdata\local\Downloaded Installations
2014-04-05 09:48:56    --------    d-----w-    c:\users\imseolab\appdata\roaming\DigiResults
2014-04-05 09:47:31    --------    d-----w-    c:\users\imseolab\appdata\local\Deployment
2014-04-05 08:06:49    --------    d-----w-    c:\windows\system32\BestPractices
2014-04-05 08:06:48    --------    d-----w-    C:\inetpub
2014-04-04 21:50:03    --------    d-----w-    c:\users\imseolab\appdata\local\Mibasoft_Ltd
2014-04-03 21:12:02    --------    d-----w-    c:\users\imseolab\appdata\local\A
2014-04-03 09:51:53    --------    d-----w-    c:\users\imseolab\appdata\roaming\TideSDK
2014-04-02 21:34:03    --------    d-----w-    c:\users\imseolab\appdata\local\Apple Computer
2014-04-02 21:33:53    --------    d-----w-    c:\users\imseolab\appdata\roaming\Titanium
2014-04-01 06:27:45    --------    d-----w-    c:\users\imseolab\.ScreamingFrogSEOSpider
2014-03-30 15:29:50    --------    d-----w-    c:\users\imseolab\appdata\local\SENukeX
2014-03-30 15:29:48    --------    d-----w-    c:\users\imseolab\appdata\local\SENukeXUpdateConfig
2014-03-30 13:24:43    --------    d-----w-    c:\users\imseolab\appdata\roaming\IsolatedStorage
2014-03-30 13:24:43    --------    d-----w-    c:\programdata\IsolatedStorage
2014-03-30 13:24:37    --------    d-----w-    c:\users\imseolab\appdata\local\TumbleNinja
2014-03-30 13:24:24    --------    d-----w-    c:\programdata\Gibraltar
2014-03-30 13:18:39    --------    d-----w-    c:\program files\Share YouTube Videos
2014-03-30 13:17:04    --------    d-----w-    c:\users\imseolab\appdata\roaming\Tumblifier
2014-03-30 13:17:04    --------    d-----w-    c:\users\imseolab\appdata\local\Tumblifier
2014-03-30 13:14:30    --------    d-----w-    c:\users\imseolab\appdata\roaming\ScrapeBoard
2014-03-30 13:10:32    --------    d-----w-    c:\users\imseolab\appdata\local\Wicked_Article_Creator
2014-03-30 06:18:40    --------    d-----w-    c:\users\imseolab\appdata\local\xTumblrBot.com
2014-03-28 17:11:45    --------    d-sh--w-    c:\users\imseolab\wc
2014-03-28 17:11:39    --------    d-----w-    c:\users\imseolab\appdata\roaming\Molura
2014-03-28 17:11:38    --------    d-sh--w-    c:\users\imseolab\appdata\roaming\wyUpdate AU
2014-03-28 17:10:34    --------    d-----w-    c:\users\imseolab\appdata\local\Molura
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-27 19:33:25    --------    d-----w-    c:\users\imseolab\appdata\local\Apple
2014-03-27 19:04:45    --------    d-----w-    c:\users\imseolab\appdata\local\TechSmith
2014-03-27 08:31:29    --------    d-----w-    c:\users\imseolab\dkJpRtTdKlBxAJxdiPPnOgMInfo
2014-03-27 08:31:28    --------    d-----w-    c:\users\imseolab\appdata\roaming\com.trafficspy
2014-03-26 20:51:11    --------    d-----w-    C:\Quickfire
.
==================== Find3M  ====================
.
2014-04-17 13:39:16    715038    ----a-w-    c:\windows\unins000.exe
2014-04-16 14:17:26    1461992    ----a-w-    c:\windows\system32\wdfcoinstaller01009.dll
2014-04-03 17:37:50    11149312    ----a-w-    c:\program files\common files\lpuninstall.exe
2014-03-23 19:05:21    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-03-19 16:06:59    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-16 19:44:56    76872    ----a-w-    c:\windows\system32\RtNicProp32.dll
2014-03-16 19:44:56    683736    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2014-03-16 19:44:56    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2014-03-16 19:41:46    1892056    ----a-w-    c:\windows\system32\RTSndMgr.cpl
2014-03-16 19:41:45    3012056    ----a-w-    c:\windows\system32\drivers\RTKVHDA.sys
2014-03-16 19:41:44    915160    ----a-w-    c:\windows\system32\RtkCoInstII.dll
2014-03-16 19:41:44    782040    ----a-w-    c:\windows\system32\RtkApoApi.dll
2014-03-16 19:41:44    2559192    ----a-w-    c:\windows\system32\RtkPgExt.dll
2014-03-16 19:41:44    13416    ----a-w-    c:\windows\system32\RtkCoLDR.dll
2014-03-16 19:41:43    2464472    ----a-w-    c:\windows\system32\RtkAPO.dll
2014-03-16 19:41:40    54936064    ----a-w-    c:\windows\system32\RCoRes.dat
2014-03-16 19:41:22    92584    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-16 19:41:21    95840    ----a-w-    c:\windows\system32\AERTARen.dll
2014-03-16 19:41:21    182472    ----a-w-    c:\windows\system32\AERTACap.dll
2014-03-11 06:52:30    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-05 10:49:00    100224    ----a-w-    c:\windows\system32\drivers\ewsercd.sys
2014-02-28 11:09:55    246804    ----a-w-    c:\windows\system32\drivers\AtherosBt.bin
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:22    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
2014-01-28 02:07:07    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2013-02-07 12:22:00    50330    ----a-w-    c:\program files\AntiDust.exe
.
============= FINISH: 13:49:44.37 ===============
 


I am sorry, the first posts were done before I uninstalled utorrent...here is the fresh one

 

Attach

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/26/2014 12:03:42 AM
System Uptime: 4/25/2014 3:39:26 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3676
Processor: Celeron® Dual-Core CPU       T3500  @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 14.381 GiB free.
E: is FIXED (NTFS) - 111 GiB total, 10.643 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 18.917 GiB free.
G: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl64f3890b
Device ID: ROOT\LEGACY_MPKSL64F3890B\0000
Manufacturer:
Name: MpKsl64f3890b
PNP Device ID: ROOT\LEGACY_MPKSL64F3890B\0000
Service: MpKsl64f3890b
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP138: 4/25/2014 10:26:35 AM - Removed Camtasia Studio 8
RP139: 4/25/2014 11:05:48 AM - Removed FiverrBot
RP140: 4/25/2014 11:07:50 AM - Removed PrPowershot
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 12 ActiveX & Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player + Authorware Web Player
Advanced SystemCare Ultimate 7
AOMEI Backupper
Apple Application Support
Apple Software Update
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
Ava Find Pro
Bluetooth Win7 Suite
Box Sync
Business Plan Pro 15th Anniversary Edition
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClickBankGoldminer
ClickingAgent
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Wireless WLAN Card
Driver Booster
DriverPack Solution Updater
ERUNT 1.1j
Fences 2
FlipBook Maker Pro 3.6.1
Friend Bomber
Google Chrome
Google Drive
Google Update Helper
GSA Captcha Breaker v2.47
GSA Search Engine Ranker v7.85
iCare Data Recovery enterprise license 5.1
IM-Magic Partition Resizer Professional 2013
Income Jacker
InstantArticleWizard
Intel® Graphics Media Accelerator Driver
Intel® Processor ID Utility
Internet Download Manager
Internet Everywhere
IObit Uninstaller
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Java 6 Update 45
K-Lite Codec Pack 8.4.0 (Full)
KeywordSnatcher
KMSpico 4.1
Lagarith Lossless Codec (1.3.27)
LastPass (uninstall only)
Logos 4 Prerequisites
Logos Bible Software 4
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Word MUI (English) 2013
Mobile Partner
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Outils de vérification linguistique 2013 de Microsoft Office - Français
Proxifier version 3.21
Quicken 2014
QuickTime 7
QuickVerse 2010
Realtek High Definition Audio Driver
SAM CoDeC Pack
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2827224) 32-Bit Edition
SEO PowerSuite
Share YouTube Videos version 1
SpeedCommander 15
Surfing Protection
TeraCopy 2.3 beta 2
Time Stopper
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TumblingJazz version 1.131
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
USB Disk Security
Ut Video Codec Suite
VirtualCloneDrive
VLC media player 1.1.5
VMware Workstation
Windows 7 Manager
Windows 7 USB/DVD Download Tool
WinRAR 5.01 (32-bit)
WordWeb Pro
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
4/25/2014 3:48:42 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
4/25/2014 3:39:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007a (0xc045a790, 0xc0000185, 0x88987860, 0x8b4f29ce). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042514-19578-01.
4/25/2014 2:43:11 PM, Error: Service Control Manager [7034]  - The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
4/25/2014 2:42:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware Workstation Server service to connect.
4/25/2014 2:42:14 PM, Error: Service Control Manager [7000]  - The VMware Workstation Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/25/2014 2:38:53 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm BIOS CSC DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:38:41 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/25/2014 2:35:36 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
4/25/2014 11:21:03 AM, Error: Service Control Manager [7043]  - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control.
4/25/2014 10:56:37 AM, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
4/25/2014 10:55:44 AM, Error: Service Control Manager [7034]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).
4/25/2014 1:43:26 PM, Error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/25/2014 1:43:15 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\IMSEOLab\ntuser.dat'.
4/25/2014 1:43:14 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
4/24/2014 6:13:43 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR4.
4/24/2014 11:47:47 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
4/24/2014 11:35:58 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/24/2014 11:15:14 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/24/2014 11:15:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:37:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.438.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/24/2014 10:37:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/24/2014 10:09:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/24/2014 10:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2014 10:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/24/2014 10:08:28 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm BIOS discache ElbyCDIO MpFilter spldr Wanarpv6
4/24/2014 10:08:26 PM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2014 7:28:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 6:25:11 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/23/2014 11:38:23 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
4/23/2014 11:32:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/23/2014 11:24:25 AM, Error: Service Control Manager [7022]  - The VMware USB Arbitration Service service hung on starting.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2014 11:23:03 AM, Error: Service Control Manager [7000]  - The VMware Authorization Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/23/2014 1:57:34 AM, Error: Service Control Manager [7000]  - The TuneUp Theme Extension service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
4/23/2014 1:39:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.297.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/23/2014 1:09:30 PM, Error: Service Control Manager [7034]  - The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).
4/21/2014 3:23:07 PM, Error: Schannel [36887]  - The following fatal alert was received: 40.
4/20/2014 8:57:08 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
4/20/2014 8:56:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
4/20/2014 8:56:08 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2014 3:56:53 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR7.
4/19/2014 3:23:08 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR6.
4/19/2014 10:23:27 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.171.148.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10501.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/18/2014 4:43:44 AM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7001]  - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:17 AM, Error: Service Control Manager [7000]  - The VMware USB Arbitration Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/18/2014 10:03:16 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect.
.
==== End Of File ===========================

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by IMSEOLab at 15:43:27 on 2014-04-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2974.1610 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
F:\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
F:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
F:\USB Disk Security\USBGuard.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Atheros\AWiCMgr.exe
C:\Program Files\WordWeb\wweb32.exe
F:\USB Disk Security\USBGuard.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\SearchIndexer.exe
F:\fences\Fences.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Proxifier\Proxifier.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
F:\AvaFind Pro\AvaFind.exe
C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\Surfing Protection\SPUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com
C:\Users\IMSEOLab\5raxzje9a8\USfDfXCw.com
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Adobe Acrobat Registration Service] c:\users\imseolab\appdata\roaming\local\adobe\armhvc.exe
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Proxifier] "f:\proxifier\proxifier.exe" aut
uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate 7\ASCTray.exe" /Auto
uRunOnce: [5raxzje9a8] c:\users\imseolab\5raxzje9a8\26202.vbs
mRun: [uSB Security] f:\usb disk security\USBGuard.exe
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Fences] "f:\fences\Fences.exe" /startup
mRun: [AWiC] "c:\program files\atheros\AWiCMgr.exe" -nogui
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vmware-tray.exe] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\fences.lnk - f:\fences\Fences.exe
StartupFolder: c:\users\imseolab\appdata\roaming\micros~1\windows\startm~1\programs\startup\start.lnk - c:\users\imseolab\5raxzje9a8\26202.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\avafin~1.lnk - f:\avafind pro\AvaFind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\interneteverywhere\InternetEverywhere_Launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:1
mPolicies-System: SynchronousUserGroupPolicy = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:1
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6AB15721-CAB7-4D92-BB73-82E21DC8D72F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{70BB6D26-DA5B-4AEA-A2A3-9D03D46BF2C6} : DHCPNameServer = 192.168.201.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: qv - {0B4BB6DC-D020-4173-97F2-3AD91AFD6559} - c:\program files\quickverse 2010\qvprotwrapper.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - f:\fences\FencesMenu.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: backupper.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: driverbooster.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: unins000.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\imseolab\appdata\roaming\mozilla\firefox\profiles\3mgtqajz.default-1396465441559\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\authorwa\np32asw.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2014-4-17 26424]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-4-13 61464]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696]
R1 MpKsl20b00854;MpKsl20b00854;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys [2014-4-25 39464]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare ultimate 7\ASCService.exe [2014-3-15 886592]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2014-2-26 87968]
R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2014-4-17 129720]
R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2014-4-17 14392]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\iobit\advanced systemcare ultimate 7\ASCAvSvc.exe [2014-3-15 647488]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-21 108000]
R2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files\interneteverywhere\InternetEverywhere_Service.exe [2014-3-5 342984]
R2 MBAMScheduler;MBAMScheduler;f:\malwarebytes' anti-malware\mbamscheduler.exe [2014-4-22 418376]
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2014-4-22 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2014-3-16 251096]
R2 Service KMSELDI;Service KMSELDI;c:\program files\kmspico\Service_KMS.exe [2014-2-26 37888]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-11-1 13234176]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-9 24736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-22 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-16 683736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
S1 MpKsl64f3890b;MpKsl64f3890b;c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl64f3890b.sys [2014-4-25 39464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-26 2153792]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-9 34976]
S3 AWiCSrvc;AWiCSrvc;c:\program files\atheros\AWiCSrvc.exe [2014-2-27 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-3-10 27672]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-9 259232]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-9 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-9 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-9 141088]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-5-9 243872]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2014-3-5 100224]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-25 108032]
S3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2013-2-25 18136]
S3 orange_zte_cdc_acm;ZTE Orange CDC-ACM driver;c:\windows\system32\drivers\orange_zte_cdc_acm.sys [2014-4-16 66432]
S3 orange_zte_cpo;ZTE Orange Install;c:\windows\system32\drivers\orange_zte_cpo.sys [2014-4-16 9984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-2-26 251496]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-2-26 1343400]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-9 146592]
S4 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-9 76960]
S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\aomei backupper\ABService.exe [2014-4-17 29912]
.
=============== Created Last 30 ================
.
2014-04-25 12:40:29    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\offreg.dll
2014-04-25 10:20:47    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\MpKsl20b00854.sys
2014-04-25 08:16:59    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-25 05:50:06    361984    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-25 05:50:06    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-25 05:34:54    514560    ----a-w-    c:\windows\system32\qdvd.dll
2014-04-24 20:31:20    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{c2b4d9f8-7b27-4b34-b1e2-1526bda94e30}\mpengine.dll
2014-04-24 19:18:49    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-04-24 09:50:03    --------    d-----w-    c:\users\imseolab\appdata\local\AccountsDominator
2014-04-24 08:33:00    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-04-24 08:11:45    --------    d-----w-    c:\programdata\HitmanPro
2014-04-24 07:35:42    --------    d-----w-    C:\Ark
2014-04-23 20:37:34    --------    d-----w-    c:\users\imseolab\appdata\roaming\Affilorama
2014-04-23 17:26:01    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-22 22:57:36    25400    ----a-w-    c:\windows\system32\authuitu.dll
2014-04-22 22:57:31    36152    ----a-w-    c:\windows\system32\uxtuneup.dll
2014-04-22 22:57:15    --------    d-----w-    c:\users\imseolab\appdata\local\TuneUp Software
2014-04-22 22:49:17    36664    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-04-22 22:48:49    --------    d-----w-    c:\users\imseolab\appdata\roaming\TuneUp Software
2014-04-22 22:48:06    --------    d-----w-    c:\program files\TuneUp Utilities 2014
2014-04-22 22:46:08    --------    d-----w-    c:\programdata\TuneUp Software
2014-04-22 22:45:57    --------    d-sh--w-    c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-22 22:45:57    --------    d--h--w-    c:\programdata\Common Files
2014-04-22 22:24:20    --------    d-----w-    c:\users\imseolab\appdata\roaming\TweetAdder3
2014-04-22 17:17:37    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-21 21:03:54    --------    d-----w-    C:\Hman's Login
2014-04-21 16:52:55    6163104    ----a-w-    c:\windows\system32\Flash.ocx
2014-04-21 01:47:59    86016    ----a-w-    c:\windows\unvise32.exe
2014-04-21 00:07:58    --------    d-----w-    c:\users\imseolab\appdata\roaming\FB2
2014-04-20 23:20:07    --------    d-----w-    c:\users\imseolab\appdata\roaming\com.jayvenka.qilio
2014-04-20 00:56:46    --------    d-----w-    c:\users\imseolab\appdata\local\AccountStreamYahoo
2014-04-19 14:54:12    --------    d-----w-    c:\users\imseolab\appdata\roaming\GSA Captcha Breaker
2014-04-19 14:40:12    --------    d-----w-    c:\users\imseolab\appdata\roaming\Proxifier
2014-04-19 14:39:25    91240    ----a-w-    c:\windows\system32\ProxifierShellExt.dll
2014-04-19 14:39:25    70248    ----a-w-    c:\windows\system32\PrxerDrv.dll
2014-04-19 14:39:25    56424    ----a-w-    c:\windows\system32\PrxerNsp.dll
2014-04-19 14:39:25    11264    ----a-w-    c:\windows\system32\SPORDER.DLL
2014-04-19 14:36:22    --------    d-----w-    c:\users\imseolab\appdata\roaming\GSA Search Engine Ranker
2014-04-19 11:51:20    --------    d-----w-    c:\users\imseolab\appdata\roaming\BoostFanPageTraffic
2014-04-19 08:48:50    765968    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{adc7bf4b-cd44-4cac-9db3-3476a994dadf}\gapaengine.dll
2014-04-19 08:24:22    6858064    ----a-r-    c:\users\imseolab\appdata\roaming\microsoft\installer\{4b523cfd-2b57-403a-973f-920422a0d7f2}\Logos4.exe
2014-04-19 08:20:30    --------    d-----w-    c:\users\imseolab\appdata\local\Logos4
2014-04-19 08:19:48    --------    d-----w-    c:\program files\Link-AssistantCom
2014-04-19 08:18:49    --------    d-----w-    c:\program files\Time Stopper
2014-04-19 08:15:05    --------    d-----w-    c:\users\imseolab\appdata\local\TempDIR
2014-04-17 23:51:18    --------    d-----w-    c:\users\imseolab\appdata\roaming\SubRepo
2014-04-17 21:13:22    --------    d-----w-    c:\users\imseolab\appdata\roaming\PrPowershot
2014-04-17 15:46:00    --------    d-----w-    c:\users\imseolab\appdata\local\BlackHatToolz.com
2014-04-17 15:18:24    --------    d-----w-    c:\programdata\AomeiBR
2014-04-17 13:42:55    26424    ----a-w-    c:\windows\system32\ambakdrv.sys
2014-04-17 13:42:55    14392    ----a-w-    c:\windows\system32\amwrtdrv.sys
2014-04-17 13:42:55    129720    ----a-w-    c:\windows\system32\ammntdrv.sys
2014-04-17 13:42:47    --------    d-----w-    c:\program files\AOMEI Backupper
2014-04-17 13:41:27    86016    ----a-w-    c:\windows\system32\atl70.dll
2014-04-17 13:41:27    1355776    ----a-w-    c:\windows\system32\msvbvm50.dll
2014-04-17 13:40:31    --------    d-----w-    c:\windows\system32\Adobe
2014-04-17 13:38:49    --------    d-----w-    c:\program files\SAM CoDeC Pack
2014-04-17 10:36:23    860928    ----a-w-    c:\windows\system32\drivers\mod7700.sys
2014-04-17 10:36:22    23424    ----a-w-    c:\windows\system32\drivers\ewdcsc.sys
2014-04-17 10:36:22    116736    ----a-w-    c:\windows\system32\drivers\ewusbnet.sys
2014-04-17 10:36:22    106880    ----a-w-    c:\windows\system32\drivers\ewusbmdm.sys
2014-04-17 10:24:01    --------    d-----w-    c:\users\imseolab\appdata\roaming\AVAST Software
2014-04-17 10:21:46    --------    d-----w-    c:\program files\AVAST Software
2014-04-17 10:21:35    403440    ----a-w-    c:\windows\system32\drivers\xumwvxrt.sys
2014-04-17 09:04:25    1112288    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2014-04-17 09:04:25    1112288    ----a-w-    c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-04-17 09:04:23    82816    ----a-w-    c:\windows\system32\drivers\ew_jucdcacm.sys
2014-04-17 09:04:23    51456    ----a-w-    c:\windows\system32\drivers\ew_jucdcecm.sys
2014-04-17 09:04:23    26496    ----a-w-    c:\windows\system32\drivers\ew_juextctrl.sys
2014-04-17 09:04:23    11136    ----a-w-    c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-04-17 09:04:22    72576    ----a-w-    c:\windows\system32\drivers\ew_jubusenum.sys
2014-04-17 09:04:22    102784    ----a-w-    c:\windows\system32\drivers\ew_hwusbdev.sys
2014-04-17 06:48:54    --------    d-----w-    c:\program files\SupportAppCB
2014-04-16 14:17:40    9984    ----a-w-    c:\windows\system32\drivers\orange_zte_cpo.sys
2014-04-16 14:17:40    66432    ----a-w-    c:\windows\system32\drivers\orange_zte_cdc_acm.sys
2014-04-16 14:17:40    1461992    ----a-w-    c:\windows\system32\drivers\wdfcoinstaller01009.dll
2014-04-16 14:17:40    13312    ----a-w-    c:\windows\system32\orange_zte_CPOCoinstaller.dll
2014-04-16 14:17:40    13312    ----a-w-    c:\windows\system32\drivers\orange_zte_CPOCoinstaller.dll
2014-04-15 07:16:37    --------    d-----w-    c:\users\imseolab\appdata\roaming\Atomic Alarm Clock 6
2014-04-12 22:08:13    --------    d-----w-    c:\users\imseolab\appdata\roaming\IDM
2014-04-12 21:43:04    119808    ----a-r-    c:\users\imseolab\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2014-04-12 21:25:18    --------    d-----w-    c:\users\imseolab\appdata\local\VMware
2014-04-12 21:22:22    63128    ----a-w-    c:\windows\system32\vsocklib.dll
2014-04-12 21:22:21    61464    ----a-w-    c:\windows\system32\drivers\vsock.sys
2014-04-12 21:21:34    357016    ----a-w-    c:\windows\system32\vmnetdhcp.exe
2014-04-12 21:21:30    435864    ----a-w-    c:\windows\system32\vmnat.exe
2014-04-12 21:21:29    25752    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
2014-04-12 21:21:22    779928    ----a-w-    c:\windows\system32\vnetlib.dll
2014-04-12 21:21:16    41496    ----a-w-    c:\windows\system32\drivers\hcmon.sys
2014-04-12 21:19:23    --------    d-----w-    c:\program files\VMware
2014-04-12 21:19:23    --------    d-----w-    c:\program files\common files\VMware
2014-04-12 17:00:48    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-04-12 17:00:48    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-12 17:00:48    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-04-12 17:00:48    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-04-12 17:00:39    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-12 07:47:55    --------    d-----w-    c:\program files\Intel Corporation
2014-04-07 22:25:16    --------    d-----w-    c:\users\imseolab\appdata\local\Business Plan Pro Samples
2014-04-07 22:21:19    --------    d-----w-    c:\users\imseolab\appdata\local\Palo_Alto_Software
2014-04-07 22:21:18    --------    d-----w-    c:\users\imseolab\appdata\roaming\bppenu11
2014-04-07 18:02:11    --------    d-----w-    c:\users\imseolab\appdata\local\Geckofx
2014-04-07 18:02:01    --------    d-----w-    c:\users\imseolab\appdata\roaming\Clyde Software Unlimited
2014-04-07 17:46:50    --------    d-----w-    c:\programdata\KeywordOrganizer
2014-04-07 06:03:16    --------    d-----w-    c:\users\imseolab\appdata\local\KeywordOrganizer
2014-04-06 20:30:26    --------    d-----w-    c:\windows\system32\Hotspot Shield
2014-04-06 09:54:22    --------    d-----w-    c:\users\imseolab\appdata\local\Evergreen_Internet_Market
2014-04-05 21:12:43    --------    d-----w-    c:\users\imseolab\appdata\roaming\EndNote
2014-04-05 20:52:59    --------    d-----w-    c:\program files\common files\Risxtd
2014-04-05 20:52:49    --------    d-----w-    c:\program files\common files\ResearchSoft
2014-04-05 20:51:47    --------    d-----w-    c:\program files\EndNote X3
2014-04-05 20:51:13    --------    d-----w-    c:\programdata\Thomson.ResearchSoft.Installers
2014-04-05 20:48:31    --------    d-----w-    c:\windows\86B3F2D6AC2B4E888AE1F2F77F781B0C.TMP
2014-04-05 20:48:22    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2014-04-05 14:07:18    50688    ----a-w-    c:\windows\system32\admwprox.dll
2014-04-05 14:07:18    154624    ----a-w-    c:\windows\system32\iisRtl.dll
2014-04-05 14:07:17    8192    ----a-w-    c:\windows\system32\iisrstap.dll
2014-04-05 14:07:17    26624    ----a-w-    c:\windows\system32\ahadmin.dll
2014-04-05 14:07:17    15360    ----a-w-    c:\windows\system32\iisreset.exe
2014-04-05 14:07:17    10752    ----a-w-    c:\windows\system32\wamregps.dll
2014-04-05 12:34:33    --------    d-----w-    c:\users\imseolab\appdata\roaming\IBP
2014-04-05 12:18:22    --------    d-----w-    c:\users\imseolab\appdata\local\Downloaded Installations
2014-04-05 09:48:56    --------    d-----w-    c:\users\imseolab\appdata\roaming\DigiResults
2014-04-05 09:47:31    --------    d-----w-    c:\users\imseolab\appdata\local\Deployment
2014-04-05 08:06:49    --------    d-----w-    c:\windows\system32\BestPractices
2014-04-05 08:06:48    --------    d-----w-    C:\inetpub
2014-04-04 21:50:03    --------    d-----w-    c:\users\imseolab\appdata\local\Mibasoft_Ltd
2014-04-03 21:12:02    --------    d-----w-    c:\users\imseolab\appdata\local\A
2014-04-03 09:51:53    --------    d-----w-    c:\users\imseolab\appdata\roaming\TideSDK
2014-04-02 21:34:03    --------    d-----w-    c:\users\imseolab\appdata\local\Apple Computer
2014-04-02 21:33:53    --------    d-----w-    c:\users\imseolab\appdata\roaming\Titanium
2014-04-01 06:27:45    --------    d-----w-    c:\users\imseolab\.ScreamingFrogSEOSpider
2014-03-30 15:29:50    --------    d-----w-    c:\users\imseolab\appdata\local\SENukeX
2014-03-30 15:29:48    --------    d-----w-    c:\users\imseolab\appdata\local\SENukeXUpdateConfig
2014-03-30 13:24:43    --------    d-----w-    c:\users\imseolab\appdata\roaming\IsolatedStorage
2014-03-30 13:24:43    --------    d-----w-    c:\programdata\IsolatedStorage
2014-03-30 13:24:37    --------    d-----w-    c:\users\imseolab\appdata\local\TumbleNinja
2014-03-30 13:24:24    --------    d-----w-    c:\programdata\Gibraltar
2014-03-30 13:18:39    --------    d-----w-    c:\program files\Share YouTube Videos
2014-03-30 13:17:04    --------    d-----w-    c:\users\imseolab\appdata\roaming\Tumblifier
2014-03-30 13:17:04    --------    d-----w-    c:\users\imseolab\appdata\local\Tumblifier
2014-03-30 13:14:30    --------    d-----w-    c:\users\imseolab\appdata\roaming\ScrapeBoard
2014-03-30 13:10:32    --------    d-----w-    c:\users\imseolab\appdata\local\Wicked_Article_Creator
2014-03-30 06:18:40    --------    d-----w-    c:\users\imseolab\appdata\local\xTumblrBot.com
2014-03-28 17:11:45    --------    d-sh--w-    c:\users\imseolab\wc
2014-03-28 17:11:39    --------    d-----w-    c:\users\imseolab\appdata\roaming\Molura
2014-03-28 17:11:38    --------    d-sh--w-    c:\users\imseolab\appdata\roaming\wyUpdate AU
2014-03-28 17:10:34    --------    d-----w-    c:\users\imseolab\appdata\local\Molura
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-27 19:35:37    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-27 19:33:25    --------    d-----w-    c:\users\imseolab\appdata\local\Apple
2014-03-27 19:04:45    --------    d-----w-    c:\users\imseolab\appdata\local\TechSmith
2014-03-27 08:31:29    --------    d-----w-    c:\users\imseolab\dkJpRtTdKlBxAJxdiPPnOgMInfo
2014-03-27 08:31:28    --------    d-----w-    c:\users\imseolab\appdata\roaming\com.trafficspy
2014-03-26 20:51:11    --------    d-----w-    C:\Quickfire
.
==================== Find3M  ====================
.
2014-04-17 13:39:16    715038    ----a-w-    c:\windows\unins000.exe
2014-04-16 14:17:26    1461992    ----a-w-    c:\windows\system32\wdfcoinstaller01009.dll
2014-04-03 17:37:50    11149312    ----a-w-    c:\program files\common files\lpuninstall.exe
2014-03-23 19:05:21    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-03-19 16:06:59    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-16 19:44:56    76872    ----a-w-    c:\windows\system32\RtNicProp32.dll
2014-03-16 19:44:56    683736    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2014-03-16 19:44:56    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2014-03-16 19:41:46    1892056    ----a-w-    c:\windows\system32\RTSndMgr.cpl
2014-03-16 19:41:45    3012056    ----a-w-    c:\windows\system32\drivers\RTKVHDA.sys
2014-03-16 19:41:44    915160    ----a-w-    c:\windows\system32\RtkCoInstII.dll
2014-03-16 19:41:44    782040    ----a-w-    c:\windows\system32\RtkApoApi.dll
2014-03-16 19:41:44    2559192    ----a-w-    c:\windows\system32\RtkPgExt.dll
2014-03-16 19:41:44    13416    ----a-w-    c:\windows\system32\RtkCoLDR.dll
2014-03-16 19:41:43    2464472    ----a-w-    c:\windows\system32\RtkAPO.dll
2014-03-16 19:41:40    54936064    ----a-w-    c:\windows\system32\RCoRes.dat
2014-03-16 19:41:22    92584    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-16 19:41:21    95840    ----a-w-    c:\windows\system32\AERTARen.dll
2014-03-16 19:41:21    182472    ----a-w-    c:\windows\system32\AERTACap.dll
2014-03-11 06:52:30    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-05 10:49:00    100224    ----a-w-    c:\windows\system32\drivers\ewsercd.sys
2014-02-28 11:09:55    246804    ----a-w-    c:\windows\system32\drivers\AtherosBt.bin
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:22    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
2014-01-28 02:07:07    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2013-02-07 12:22:00    50330    ----a-w-    c:\program files\AntiDust.exe
.
============= FINISH: 15:48:43.85 ===============
 


RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : IMSEOLab [Admin rights]
Mode : Scan -- Date : 04/25/2014 16:00:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[IMSEOLab][ROGUE ST] start.lnk : C:\Users\IMSEOLab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk @C:\Users\IMSEOLab\5RAXZJ~1\26202.vbs [-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (f:\fences\DesktopDock.dll @ 0x63F110C0)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738909AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738849A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738B0731)
[Address] EAT @explorer.exe (BufferedPaintClear) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73886395)
[Address] EAT @explorer.exe (BufferedPaintInit) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738908ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7389E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7389D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738894AB)
[Address] EAT @explorer.exe (CloseThemeData) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73886A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73883982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7389D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738A3B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738B35E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738853E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738851BF)
[Address] EAT @explorer.exe (DrawThemeText) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73884EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738863E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388FCAF)
[Address] EAT @explorer.exe (EnableTheming) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738B2FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73883F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73883F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738B06CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73884BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738904BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73890473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738B2E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x738905DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73890FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7389165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388BF93)
[Address] EAT @explorer.exe (GetThemeBool) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73887C1F)
[Address] EAT @explorer.exe (GetThemeColor) : SAMLIB.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7388616C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232A7A384 ATA Device +++++
--- User ---
[MBR] 707c8a788074ba88890dc019aad1dbca
[bSP] 226c63bd82dbd934a5451924135aa4ef : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 113484 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 234160661 | Size: 87331 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 414793077 | Size: 20659 MB
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 457103920 | Size: 82050 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04252014_160006.txt >>



 


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][sUSP PATH] HKCU\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND

Now click Delete on the right hand column under Options

-------------

This one may be listed under Startup Entries. Please delete it:

[iMSEOLab][ROGUE ST] start.lnk : C:\Users\IMSEOLab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk @C:\Users\IMSEOLab\5RAXZJ~1\26202.vbs [-][-] -> FOUND

 


Then..............


Make sure you have created a restore point and.....
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ----------------------------------------------

    Next:


    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.


      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.


    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":


    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC
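
The registry findings listed near the top of the post above can be triaged before anything is deleted. This is an added example, not part of the original post and not RogueKiller's own code: it parses those four lines, merges the HKCU and HKUS\<SID> entries (normally two views of the same user hive), and states why each autorun is worth reviewing. The line shape is assumed from the four quoted lines only, and the names `triage` and `reasons_for` are hypothetical.

```python
import re
from ntpath import splitext  # Windows path rules on any host OS

# Findings quoted in the post above, copied as they appear on this page.
REPORT = r"""
[RUN][sUSP PATH] HKCU\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\Run : Adobe Acrobat Registration Service (C:\Users\IMSEOLab\AppData\Roaming\Local\Adobe\armhvc.exe [7]) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-3950617617-3481865245-1003807710-1000\[...]\RunOnce : 5raxzje9a8 (C:\Users\IMSEOLab\5raxzje9a8\26202.vbs [-]) -> FOUND
"""

# Line shape assumed from those four lines only:
# [SECTION][TAG] <key> : <value name> (<target> [<flag>]) -> <STATUS>
LINE_RE = re.compile(
    r"^\[(?P<section>[^\]]+)\]\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+"
    r"(?P<name>.+?)\s+\((?P<path>.+?)\s+\[[^\]]*\]\)\s+->\s+(?P<status>\w+)$"
)
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


def reasons_for(key, path):
    """Return the triage reasons that apply to one autorun entry."""
    checks = [
        (re.match(r"(?i)^[a-z]:\\users\\", path), "target in user-writable profile"),
        (splitext(path)[1].lower() in SCRIPT_EXTS, "script run at logon"),
        (key.lower().endswith("\\runonce"), "RunOnce value"),
    ]
    return [why for hit, why in checks if hit]


def triage(report):
    """Parse FOUND lines and merge the HKCU and HKUS\\<SID> views of one value."""
    merged = {}  # insertion-ordered: (value name, lowercased path) -> entry
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "FOUND":
            continue
        entry = merged.setdefault((m["name"], m["path"].lower()), {
            "name": m["name"], "path": m["path"], "tags": set(), "keys": [],
            "reasons": reasons_for(m["key"], m["path"])})
        entry["tags"].add(m["tag"].upper())  # the page shows mixed case
        entry["keys"].append(m["key"])
    return list(merged.values())


if __name__ == "__main__":
    for e in triage(REPORT):
        print(f'{e["name"]} -> {e["path"]} | keys={len(e["keys"])} | {"; ".join(e["reasons"])}')
```

The reasons are triage hints for deciding what to ask about, not a verdict that an entry is malicious.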

Why did you quarantine all those files?

00:56:45.0165 0x16dc ambakdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

It clearly states twice that:

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I hope you created a system restore point before we started, if so please use it to restore the computer back to before you ran TDSSKiller.

Let me know.....MrC


I just realized that actually, after running the combo fix, everything got cleaned and wiped...even the restore point I had created. Now even the virus seems to be off completely because I have done 3 scans and nothing is showing up....all my programs seem to have reset as well.


OK.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.