Jump to content

BNDAZ

Honorary Members
 View Profile  See their activity

  • Posts

    22

  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. BNDAZ
    updated a ran as instructed ..at about 7 minutes it stayed on C:\WINDOWS\SYSWOW64\NlsData0049.dll The scan animation and clock counted for about 48 minutes on the same file and then everything stopped. I watched for another 20 minutes with no change. I pressed the cancel scan button once and Malwarebytes immediately changed appearance to a grayed out look and it said " not responding" I had to do a hard reboot, I restarted in safemode with networking updated and reran Mbam. within about three minutes it hung on the same path except the file was 0047.dll. animation and clock continued and I left for 20 minutes or so, when I returned the scan had completed without finding any issue. Not sure what is causing the hand other than the trend micro A isn't running in safemood. Revo uninstaller doesn't see trend micro ..looking to and uninstaller elsewhere. any thoughts?
  2. BNDAZ
    ok thnaks and you mean malwarebytes correct?
  3. BNDAZ
    adw file attached AdwCleanerS1.txt
  4. BNDAZ
    ok uninstalled old Mbam and installed 2.0 first scan went well and got through the files that were originally causing the lockup. THEN the heuristic portion began and after a few minutes...lockup. I had to hard reboot. restarted in safe mode and ran mbam 2.0 again did lockup this time but did spend an inordinate amount of time on and Nlsdata0045.dll. I left it and came back an hour later to find the scan had finished and discovered "non malware threats" I followed the advised action and quarantined all. I still cannot paste to this page so I will attach the file. mbamapplicationlog.txt
  5. BNDAZ
    repost of attached log.txt log.txt
  6. BNDAZ
    I am on infected machine, could only attach combofix log.txt for some reason I am unable to copy paste. I can log on with good machine DL log and paste it if needed.
  7. BNDAZ
    Step 06 esetresults.txt C:\$Recycle.Bin\S-1-5-21-1460975341-3059722581-169982251-1000\$R3YDR4O\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins\npDefaultTabSearch.dll.vir Win32/Toolbar.DefaultTab.C potentially unwanted application C:\Users\Owner\AppData\Local\Temp\DTX\Reporting\ReportingHelper.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Users\Owner\Desktop\ANTI MAL\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Owner\Downloads\Google_Chrome_Setup(1).exe a variant of Win32/Adware.iBryte.G application C:\Users\Owner\Downloads\Google_Chrome_Setup.exe a variant of Win32/Adware.iBryte.G application C:\Users\Owner\Downloads\rcpsetup_cpx_cpx.exe Win32/Systweak potentially unwanted application C:\Users\Owner\Downloads\setup(1).exe Win32/Toolbar.Conduit potentially unwanted application C:\Users\Owner\Downloads\setup(2).exe Win32/Toolbar.Conduit potentially unwanted application C:\Users\Owner\Downloads\setup.exe Win32/Toolbar.Conduit potentially unwanted application FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Owner (administrator) on OWNER-PC on 24-03-2014 00:49:06 Running from C:\Users\Owner\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Windows\AsScrPro.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [synAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.) HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION HKLM Group Policy restriction on software: *‮* <====== ATTENTION HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION HKLM Group Policy restriction on software: *.png.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1460975341-3059722581-169982251-1000\...\MountPoints2: F - F:\LaunchU3.exe -a HKU\S-1-5-21-1460975341-3059722581-169982251-1000\...\MountPoints2: {13535e54-f812-11e1-9da4-10bf480e9e6c} - F:\start.exe HKU\S-1-5-21-1460975341-3059722581-169982251-1000\...\MountPoints2: {69702898-263f-11e3-887a-10bf480e9e6c} - F:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchProvider: Ask CHR DefaultSearchURL: http://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.) CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Extension: (Ask Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-27] CHR Extension: (DefaultTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2013-04-22] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== S3 ATMFBUS; C:\Windows\System32\DRIVERS\ATMFBUS.sys [63488 2009-10-01] (DEVGURU Co., LTD.) S3 ATMFCVsp; C:\Windows\System32\DRIVERS\ATMFCVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ATMFFLT; C:\Windows\System32\DRIVERS\ATMFFLT.sys [15872 2009-10-01] (DEVGURU Co., LTD.) S3 ATMFMdm; C:\Windows\System32\DRIVERS\ATMFMdm.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ATMFNET; C:\Windows\System32\DRIVERS\ATMFNET.sys [133632 2009-10-01] (DEVGURU Co., LTD.) S3 ATMFNVsp; C:\Windows\System32\DRIVERS\ATMFNVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ATMFVsp; C:\Windows\System32\DRIVERS\ATMFVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) U2 TMAgent; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-24 00:49 - 2014-03-24 00:49 - 00025430 _____ () C:\Users\Owner\Desktop\FRST.txt 2014-03-24 00:48 - 2014-03-24 00:49 - 00000000 ____D () C:\FRST 2014-03-24 00:46 - 2014-03-24 00:46 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe 2014-03-24 00:45 - 2014-03-24 00:45 - 00001205 _____ () C:\Users\Owner\Desktop\esetresults.txt 2014-03-23 14:55 - 2014-03-23 14:55 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-23 14:35 - 2014-03-23 14:35 - 00002096 _____ () C:\Users\Owner\Desktop\AdwCleaner[s0].txt 2014-03-23 14:31 - 2014-03-23 14:34 - 00000000 ____D () C:\AdwCleaner 2014-03-23 14:29 - 2014-03-23 14:29 - 00003900 _____ () C:\Users\Owner\Desktop\JRT.txt 2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 12:59 - 2014-03-23 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-23 12:58 - 2014-03-23 12:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-23 12:58 - 2014-03-23 12:58 - 00000000 ____D () C:\Users\Owner\Desktop\mBar 2014-03-23 12:56 - 2014-03-23 12:56 - 00000000 ____D () C:\Users\Owner\Desktop\ANTI MAL 2014-03-22 04:20 - 2014-03-22 04:20 - 00002196 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_03222014_042031.txt 2014-03-22 04:17 - 2014-03-22 04:20 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine 2014-03-22 04:16 - 2014-03-22 04:16 - 04486144 _____ () C:\Users\Owner\Desktop\RogueKillerX64.exe 2014-03-22 03:38 - 2014-03-22 03:38 - 00000000 ____D () C:\Windows\ERDNT 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Owner\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Lauren\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Owner\Desktop\ERUNT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Lauren\Desktop\ERUNT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-22 03:36 - 2014-03-22 03:37 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-22 03:35 - 2014-03-22 03:35 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Desktop\erunt-setup.exe 2014-03-22 03:33 - 2014-03-22 03:35 - 00002040 _____ () C:\Users\Owner\Desktop\Rkill.txt 2014-03-22 03:32 - 2014-03-22 03:32 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe 2014-03-16 11:54 - 2014-03-16 11:58 - 00017923 _____ () C:\Users\Owner\Desktop\dds.txt 2014-03-16 11:54 - 2014-03-16 11:58 - 00014299 _____ () C:\Users\Owner\Desktop\attach.txt 2014-03-16 11:53 - 2014-03-16 11:53 - 00688992 _____ (Swearware) C:\Users\Owner\Desktop\dds.com 2014-03-16 11:50 - 2014-03-16 11:50 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr 2014-03-16 02:08 - 2014-03-16 02:08 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-16 02:08 - 2014-03-16 02:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 02:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-16 01:24 - 2014-03-16 01:24 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-03-16 01:24 - 2014-03-16 01:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-16 00:58 - 2014-03-16 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2014-03-16 00:56 - 2014-03-16 00:56 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-03-16 00:53 - 2014-03-16 00:53 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-16 00:53 - 2014-03-16 00:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-03-16 00:52 - 2014-03-16 16:07 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-16 00:52 - 2014-03-16 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-03-16 00:52 - 2014-03-16 00:52 - 00000000 __RHD () C:\MSOCache 2014-03-16 00:52 - 2014-03-16 00:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help 2014-03-16 00:33 - 2014-03-16 00:33 - 00002122 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk 2014-03-16 00:33 - 2014-03-16 00:33 - 00000000 ____D () C:\Program Files (x86)\Belarc 2014-03-16 00:12 - 2012-05-04 05:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-03-16 00:12 - 2012-05-04 03:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-03-16 00:00 - 2014-03-16 00:00 - 00003330 _____ () C:\Windows\System32\Tasks\{9C7A7062-4812-4238-B5FE-7C60E9E266F3} 2014-03-15 20:21 - 2014-03-15 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes 2014-03-15 20:21 - 2014-03-15 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-15 19:47 - 2014-03-15 19:47 - 00006472 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-15 19:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-15 19:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-15 19:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-15 19:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-15 19:36 - 2014-03-16 01:57 - 00158806 _____ () C:\Windows\PFRO.log 2014-03-15 19:24 - 2014-03-15 19:24 - 00001266 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk 2014-03-15 19:24 - 2014-03-15 19:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-15 19:23 - 2014-03-15 19:23 - 00000000 ____D () C:\Windows\pss 2014-03-15 19:23 - 2014-03-01 00:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-15 19:23 - 2014-02-28 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-15 19:23 - 2014-02-28 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-15 19:23 - 2014-02-28 22:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-15 19:23 - 2014-02-28 22:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-15 19:23 - 2014-02-28 22:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-15 19:23 - 2014-02-28 22:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-15 19:23 - 2014-02-28 22:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-15 19:23 - 2014-02-28 22:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-15 19:23 - 2014-02-28 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-15 19:23 - 2014-02-28 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-15 19:23 - 2014-02-28 22:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-15 19:23 - 2014-02-28 22:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-15 19:23 - 2014-02-28 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-15 19:23 - 2014-02-28 22:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-15 19:23 - 2014-02-28 22:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-15 19:23 - 2014-02-28 22:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-15 19:23 - 2014-02-28 21:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-15 19:23 - 2014-02-28 21:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-15 19:23 - 2014-02-28 21:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-15 19:23 - 2014-02-28 21:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-15 19:23 - 2014-02-28 21:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-15 19:23 - 2014-02-28 21:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-15 19:23 - 2014-02-28 21:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-15 19:23 - 2014-02-28 21:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-15 19:23 - 2014-02-28 21:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-15 19:23 - 2014-02-28 21:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-15 19:23 - 2014-02-28 21:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-15 19:23 - 2014-02-28 21:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-15 19:23 - 2014-02-28 21:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-15 19:23 - 2014-02-28 21:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-15 19:23 - 2014-02-28 21:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-15 19:23 - 2014-02-28 21:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-15 19:23 - 2014-02-28 21:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-15 19:23 - 2014-02-28 20:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-15 19:23 - 2014-02-28 20:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-15 19:23 - 2014-02-28 20:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-15 19:23 - 2014-02-28 20:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-15 19:23 - 2014-02-28 20:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-15 19:23 - 2014-02-28 20:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-15 19:23 - 2014-02-06 19:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-15 19:23 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-15 19:23 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-15 19:23 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-15 19:22 - 2014-02-03 20:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-15 19:22 - 2014-02-03 20:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-15 19:22 - 2014-02-03 20:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-15 19:22 - 2014-02-03 20:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-05 18:40 - 2014-03-23 21:13 - 00002252 _____ () C:\Windows\setupact.log 2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-24 10:16 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-24 10:16 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-24 10:16 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-24 10:16 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-24 10:16 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-24 10:16 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-24 10:15 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-24 10:15 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-24 10:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-24 10:15 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-24 10:15 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-24 10:15 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-24 10:15 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-24 10:15 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-24 10:15 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-24 10:15 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-24 10:15 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-24 10:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-24 10:15 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-24 10:15 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-24 10:15 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-24 10:15 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-24 10:15 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-24 10:15 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe ==================== One Month Modified Files and Folders ======= 2014-03-24 00:49 - 2014-03-24 00:49 - 00025430 _____ () C:\Users\Owner\Desktop\FRST.txt 2014-03-24 00:49 - 2014-03-24 00:48 - 00000000 ____D () C:\FRST 2014-03-24 00:46 - 2014-03-24 00:46 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe 2014-03-24 00:45 - 2014-03-24 00:45 - 00001205 _____ () C:\Users\Owner\Desktop\esetresults.txt 2014-03-24 00:28 - 2013-11-12 13:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-23 23:54 - 2012-09-12 16:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-23 21:21 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-23 21:21 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-23 21:19 - 2009-07-13 23:13 - 00797850 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-23 21:17 - 2013-05-16 07:57 - 01577943 _____ () C:\Windows\WindowsUpdate.log 2014-03-23 21:13 - 2014-03-05 18:40 - 00002252 _____ () C:\Windows\setupact.log 2014-03-23 21:13 - 2013-11-12 13:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-23 21:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-23 14:55 - 2014-03-23 14:55 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-23 14:35 - 2014-03-23 14:35 - 00002096 _____ () C:\Users\Owner\Desktop\AdwCleaner[s0].txt 2014-03-23 14:34 - 2014-03-23 14:31 - 00000000 ____D () C:\AdwCleaner 2014-03-23 14:29 - 2014-03-23 14:29 - 00003900 _____ () C:\Users\Owner\Desktop\JRT.txt 2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\Windows\ERUNT 2014-03-23 14:19 - 2014-03-23 12:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-23 12:58 - 2014-03-23 12:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-23 12:58 - 2014-03-23 12:58 - 00000000 ____D () C:\Users\Owner\Desktop\mBar 2014-03-23 12:56 - 2014-03-23 12:56 - 00000000 ____D () C:\Users\Owner\Desktop\ANTI MAL 2014-03-22 04:20 - 2014-03-22 04:20 - 00002196 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_03222014_042031.txt 2014-03-22 04:20 - 2014-03-22 04:17 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine 2014-03-22 04:16 - 2014-03-22 04:16 - 04486144 _____ () C:\Users\Owner\Desktop\RogueKillerX64.exe 2014-03-22 03:38 - 2014-03-22 03:38 - 00000000 ____D () C:\Windows\ERDNT 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Owner\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Lauren\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000926 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Owner\Desktop\ERUNT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Lauren\Desktop\ERUNT.lnk 2014-03-22 03:37 - 2014-03-22 03:37 - 00000907 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-03-22 03:37 - 2014-03-22 03:36 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-03-22 03:35 - 2014-03-22 03:35 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Desktop\erunt-setup.exe 2014-03-22 03:35 - 2014-03-22 03:33 - 00002040 _____ () C:\Users\Owner\Desktop\Rkill.txt 2014-03-22 03:32 - 2014-03-22 03:32 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe 2014-03-22 03:28 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-16 16:07 - 2014-03-16 00:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-16 16:07 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini 2014-03-16 15:27 - 2012-09-03 08:41 - 00110088 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-16 11:58 - 2014-03-16 11:54 - 00017923 _____ () C:\Users\Owner\Desktop\dds.txt 2014-03-16 11:58 - 2014-03-16 11:54 - 00014299 _____ () C:\Users\Owner\Desktop\attach.txt 2014-03-16 11:53 - 2014-03-16 11:53 - 00688992 _____ (Swearware) C:\Users\Owner\Desktop\dds.com 2014-03-16 11:50 - 2014-03-16 11:50 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr 2014-03-16 02:08 - 2014-03-16 02:08 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-16 02:08 - 2014-03-16 02:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 01:57 - 2014-03-15 19:36 - 00158806 _____ () C:\Windows\PFRO.log 2014-03-16 01:57 - 2009-07-13 22:45 - 00419000 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-16 01:24 - 2014-03-16 01:24 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-03-16 01:24 - 2014-03-16 01:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-03-16 00:59 - 2009-07-14 01:45 - 00000000 ____D () C:\Windows\ShellNew 2014-03-16 00:58 - 2014-03-16 00:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2014-03-16 00:58 - 2014-03-16 00:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-03-16 00:58 - 2012-03-06 04:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-16 00:56 - 2014-03-16 00:56 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2014-03-16 00:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-16 00:53 - 2014-03-16 00:53 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-16 00:53 - 2014-03-16 00:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-03-16 00:52 - 2014-03-16 00:52 - 00000000 __RHD () C:\MSOCache 2014-03-16 00:52 - 2014-03-16 00:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help 2014-03-16 00:33 - 2014-03-16 00:33 - 00002122 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk 2014-03-16 00:33 - 2014-03-16 00:33 - 00000000 ____D () C:\Program Files (x86)\Belarc 2014-03-16 00:29 - 2013-04-22 11:22 - 00000258 __RSH () C:\Users\Owner\ntuser.pol 2014-03-16 00:29 - 2012-09-03 08:41 - 00000000 ____D () C:\Users\Owner 2014-03-16 00:29 - 2012-03-06 04:59 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-03-16 00:17 - 2012-03-06 04:48 - 00790464 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-16 00:13 - 2012-04-22 11:18 - 00005736 _____ () C:\Windows\system32\RaCoInst.log 2014-03-16 00:01 - 2013-11-28 00:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FreeVideoConverter 2014-03-16 00:00 - 2014-03-16 00:00 - 00003330 _____ () C:\Windows\System32\Tasks\{9C7A7062-4812-4238-B5FE-7C60E9E266F3} 2014-03-15 22:41 - 2013-12-08 12:58 - 00144384 ___SH () C:\Users\Owner\Desktop\Thumbs.db 2014-03-15 20:21 - 2014-03-15 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes 2014-03-15 20:21 - 2014-03-15 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-15 19:53 - 2013-08-14 20:38 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-15 19:51 - 2012-11-25 20:47 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-15 19:51 - 2012-09-12 16:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-15 19:51 - 2012-09-12 16:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-15 19:51 - 2012-09-12 16:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-15 19:47 - 2014-03-15 19:47 - 00006472 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-15 19:47 - 2013-03-16 08:52 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-15 19:44 - 2012-09-03 08:43 - 00001415 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-15 19:39 - 2012-04-22 11:19 - 00002620 _____ () C:\Windows\system32\AutoRunFilter.ini 2014-03-15 19:36 - 2013-08-04 14:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-15 19:36 - 2013-08-04 14:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-15 19:36 - 2012-09-12 16:47 - 00000000 ____D () C:\Program Files\Google 2014-03-15 19:36 - 2012-03-06 04:49 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-15 19:30 - 2012-09-12 16:50 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google 2014-03-15 19:30 - 2012-09-12 16:47 - 00000000 ____D () C:\ProgramData\Google 2014-03-15 19:24 - 2014-03-15 19:24 - 00001266 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk 2014-03-15 19:24 - 2014-03-15 19:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-03-15 19:23 - 2014-03-15 19:23 - 00000000 ____D () C:\Windows\pss 2014-03-15 19:23 - 2012-09-03 08:43 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-15 19:21 - 2013-06-26 23:31 - 00238128 _____ () C:\Windows\RegBootClean64.exe 2014-03-15 19:21 - 2013-06-26 22:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-01 00:05 - 2014-03-15 19:23 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-28 23:17 - 2014-03-15 19:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-28 23:16 - 2014-03-15 19:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-28 22:58 - 2014-03-15 19:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-28 22:52 - 2014-03-15 19:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-28 22:51 - 2014-03-15 19:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-28 22:42 - 2014-03-15 19:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-28 22:40 - 2014-03-15 19:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-28 22:37 - 2014-03-15 19:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-28 22:33 - 2014-03-15 19:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-28 22:33 - 2014-03-15 19:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-28 22:32 - 2014-03-15 19:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-28 22:30 - 2014-03-15 19:23 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-28 22:23 - 2014-03-15 19:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-02-28 22:17 - 2014-03-15 19:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-28 22:11 - 2014-03-15 19:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-28 22:02 - 2014-03-15 19:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-28 21:54 - 2014-03-15 19:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-28 21:52 - 2014-03-15 19:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-28 21:51 - 2014-03-15 19:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-28 21:47 - 2014-03-15 19:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-28 21:43 - 2014-03-15 19:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-28 21:43 - 2014-03-15 19:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-28 21:42 - 2014-03-15 19:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-28 21:40 - 2014-03-15 19:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-28 21:38 - 2014-03-15 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-28 21:37 - 2014-03-15 19:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-28 21:35 - 2014-03-15 19:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-28 21:18 - 2014-03-15 19:23 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-28 21:16 - 2014-03-15 19:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-28 21:14 - 2014-03-15 19:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-28 21:10 - 2014-03-15 19:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-28 21:03 - 2014-03-15 19:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-28 21:00 - 2014-03-15 19:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-28 20:57 - 2014-03-15 19:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-28 20:38 - 2014-03-15 19:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-28 20:32 - 2014-03-15 19:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-28 20:27 - 2014-03-15 19:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-28 20:25 - 2014-03-15 19:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-28 20:25 - 2014-03-15 19:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-25 13:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache 2014-02-25 11:48 - 2009-07-13 23:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-24 10:17 - 2013-11-12 13:23 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-24 10:17 - 2013-11-12 13:23 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll C:\Users\Owner\AppData\Local\Temp\ose00000.exe C:\Users\Owner\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-23 14:10 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Owner at 2014-03-24 00:50:00 Running from C:\Users\Owner\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA} AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS) Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Cricket Broadband 1.0 (HKLM-x32\...\{2B9B1B9E-45E5-4A76-9CA8-E06F897A3201}) (Version: 1.0.1950 - Cricket) Cricket EVDO Modem (HKLM\...\{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}) (Version: 1.1.3683.1001 - Cal-Comp Electronics and Communications Company Limited) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.) CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard) HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LUMIX Simple Viewer (HKLM-x32\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - Panasonic) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7128 - MyHeritage.com) PHOTOfunSTUDIO -viewer- (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 1.00.000 - Panasonic) QuickLink Mobile (HKLM-x32\...\QuickLink Mobile) (Version: 4.8.0 - Smith Micro Software, Inc.) QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Revo Uninstaller Pro 3.0.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.1 - VS Revo Group, Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated) Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Walgreens PictureMover (HKLM-x32\...\{113DE59D-B57A-4075-9D4F-5803DFA69EB7}) (Version: 3.5.0.27 - Hewlett-Packard Company) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS) WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. ) Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {11C8801E-8D7A-4112-8232-19C4A3202E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-12] (Google Inc.) Task: {14BC52D5-AA8F-4B94-BACC-DFC6A39284EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {6384342D-3405-43FA-AE2B-B8BB9ADAC952} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6A74B50E-AE28-4F49-A48C-A662FE30ED0B} - System32\Tasks\RunGadgetController => C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe [2012-02-03] (ASUS) Task: {97014A92-7113-417A-988F-DA3801155CD2} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-03-01] (Trend Micro Inc.) Task: {9B029359-E63C-4C67-9193-63AFEED26F6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-12] (Google Inc.) Task: {D322EF78-A392-46C2-8892-ADAA928C57BC} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {D32B79D9-7226-4937-BA43-3C75180F3C76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15] (Adobe Systems Incorporated) Task: {D3B1FEF7-8E56-4563-A70A-45DCD8095669} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-03-04 19:24 - 2011-05-05 06:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll 2014-03-23 14:55 - 2013-02-07 12:35 - 00579904 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2013-06-26 21:55 - 2012-05-02 13:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll 2013-06-26 21:55 - 2012-05-02 13:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2013-06-26 21:55 - 2012-05-02 13:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll 2013-06-26 21:55 - 2012-05-02 13:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2013-06-26 21:55 - 2012-05-02 13:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll 2013-06-26 21:45 - 2012-07-25 09:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-08-20 10:57 - 2010-08-20 10:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-20 10:57 - 2010-08-20 10:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2007-07-12 12:11 - 2007-07-12 12:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Bing.website:TASKICON_0sm_weather348354064 AlternateDataStreams: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Bing.website:TASKICON_1sm_finance134497213 AlternateDataStreams: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Bing.website:TASKICON_2sm_news281589382 AlternateDataStreams: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Bing.website:TASKICON_3sm_maps159067220 AlternateDataStreams: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Bing.website:TASKICON_4sm_travel-1173590805 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk => C:\Windows\pss\LUMIX Simple Viewer.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Walgreens PictureMover.lnk => C:\Windows\pss\Walgreens PictureMover.lnk.Startup MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe" MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/23/2014 02:52:14 PM) (Source: Application Hang) (User: ) Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fb8 Start Time: 01cf46d7b42d8525 Termination Time: 22479 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 67bd5963-b2cc-11e3-b0d3-10bf480e9e6c System errors: ============= Error: (03/24/2014 00:28:27 AM) (Source: Service Control Manager) (User: ) Description: The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s). Error: (03/24/2014 00:26:13 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (03/24/2014 00:21:47 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:47 AM) (Source: volsnap) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (03/24/2014 00:21:46 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:45 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:44 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:43 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:42 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (03/24/2014 00:21:41 AM) (Source: iaStor) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Microsoft Office Sessions: ========================= Error: (03/23/2014 02:52:14 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.1fb801cf46d7b42d852522479C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe67bd5963-b2cc-11e3-b0d3-10bf480e9e6c ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 4000.13 MB Available physical RAM: 2456.42 MB Total Pagefile: 7998.43 MB Available Pagefile: 6254.68 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:36.75 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E3102A4B) Partition: GPT Partition Type. ==================== End Of Log ============================
  8. BNDAZ
    Step 04 JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Owner on Sun 03/23/2014 at 14:24:14.44 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_manga-studio_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_manga-studio_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_manga-studio_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_manga-studio_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll" Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\iac" Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\iac" Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\recipehub_2j" Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter" Successfully deleted: [Folder] "C:\Program Files (x86)\recipehub_2j" Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{107BD879-73ED-4211-A01C-011582C2C0F0} Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{3E39F61D-80CB-445B-A2CB-116040592629} Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{80160E60-572E-4627-984C-5E5B4D2C25BB} Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BCB5500D-08B2-4F55-8CC9-7589451AFDC3} Successfully deleted: [Folder] "C:\ProgramData\ask" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 03/23/2014 at 14:29:30.03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner[s0].txt # AdwCleaner v3.022 - Report created 23/03/2014 at 14:34:14 # Updated 13/03/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Owner - OWNER-PC # Running from : C:\Users\Owner\Desktop\ANTI MAL\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Lauren\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url Deleted : search_url Deleted : suggest_url Deleted : keyword ************************* AdwCleaner[R0].txt - [2042 octets] - [23/03/2014 14:32:11] AdwCleaner[s0].txt - [1948 octets] - [23/03/2014 14:34:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2008 octets] ########## The last part of this step was to run Malware bytes again and here s where i once again run into a problem: Malwarebytes gets to a certain .dll and locks up. Here is a screenshot :
  9. BNDAZ
    Ok, heres what has happened: Step 03 mbar-log.txt Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.03.23.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Owner :: OWNER-PC [administrator] 3/23/2014 12:59:24 PM mbar-log-2014-03-23 (12-59-24).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 297441 Time elapsed: 47 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) system-log.txt --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16521 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.195000 GHz Memory total: 4194435072, free: 2772463616 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.16521 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.195000 GHz Memory total: 4194435072, free: 2671153152 Downloaded database version: v2014.03.23.08 Downloaded database version: v2014.03.18.01 ======================================= Initializing... ------------ Kernel report ------------ 03/23/2014 12:59:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\DRIVERS\TMEBC64.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\tmcomm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\tmevtmgr.sys \SystemRoot\system32\DRIVERS\tmactmon.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\asmtxhci.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbfiltr.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\SysWOW64\drivers\Afc.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\asmthub3.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\tmnciesc.sys \SystemRoot\system32\DRIVERS\tmeevw.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\user32.dll \Windows\System32\imagehlp.dll \Windows\System32\Wldap32.dll \Windows\System32\ws2_32.dll \Windows\System32\psapi.dll \Windows\System32\iertutil.dll \Windows\System32\nsi.dll \Windows\System32\comdlg32.dll \Windows\System32\normaliz.dll \Windows\System32\advapi32.dll \Windows\System32\gdi32.dll \Windows\System32\shell32.dll \Windows\System32\ole32.dll \Windows\System32\msvcrt.dll \Windows\System32\oleaut32.dll \Windows\System32\difxapi.dll \Windows\System32\lpk.dll \Windows\System32\usp10.dll \Windows\System32\msctf.dll \Windows\System32\wininet.dll \Windows\System32\clbcatq.dll \Windows\System32\rpcrt4.dll \Windows\System32\imm32.dll \Windows\System32\sechost.dll \Windows\System32\kernel32.dll \Windows\System32\setupapi.dll \Windows\System32\urlmon.dll \Windows\System32\shlwapi.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8009663790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007f\ Lower Device Object: 0xfffffa8007134060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004cd02b0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004747050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004cd02b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004cd1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004cd02b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800467e400, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004747050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: E3102A4B Partition information: Partition 0 type is Other (0x1c) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 52428800 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 52430848 Numsec = 250056704 Partition is not bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 302487552 Numsec = 322652160 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
  10. BNDAZ
    i loged in with another machine and downloaded the file i attached so i could paste it here: RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 03/22/2014 04:20:31 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [iFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND [iFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND [iFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND [iFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 1 ¤¤¤ [CHR][PUP] Default : DefaultTab ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : PUP ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS +++++ --- User --- [MBR] 2d7d94ba8776bd501073fc5c5b67dc55 [bSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MB User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_03222014_042031.txt >>
  11. BNDAZ
    Thank you for the reply, Rkill indicates no issue. I have started the process you outlined and am having issues with malwarebytes. As in my OP the scan begins an then stops at a certain point usually with 2 minutes. the original file it stopped at(and subsequently sends the entire system into a lock) isn C:/WINDOWS/SYSTEM32/Nlsdata003e.dll. during this last attempt the path is then same but the file is Nlsdata004.dll. I continued with the directions for rougekiller. Strangely I cannot cut/copy paste on this machine with either right click or ctrl c/v soe I have attached the file. thank you for your time and assistance RKreport0_S_03222014_042031.txt
  12. BNDAZ
    Transferred files to my system in order to copy paste: unable to paste on infected machine DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 Run by Owner at 11:51:26 on 2014-03-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2103 [GMT -6:00] . AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA} SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mStart Page = about:blank mWinlogon: Userinit = userinit.exe, BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces\{7AAB90B5-32FB-4C64-AC5C-49602B6D8299} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{D5FDFFCD-9C3B-4790-BE7F-CC00687A2ACB} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{D5FDFFCD-9C3B-4790-BE7F-CC00687A2ACB}\24563747245797 : NameServer = 168.94.0.14,168.94.0.15 TCP: Interfaces\{D5FDFFCD-9C3B-4790-BE7F-CC00687A2ACB}\24563747245797 : DHCPNameServer = 168.94.0.14 168.94.0.15 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= c:\progra~2\movies~1\datamngr\mgrldr.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL IFEO: bitguard.exe - tasklist.exe IFEO: bprotect.exe - tasklist.exe IFEO: browserdefender.exe - tasklist.exe IFEO: browserprotect.exe - tasklist.exe x64-mStart Page = about:blank x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [synAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned> x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-IFEO: bitguard.exe - tasklist.exe x64-IFEO: bprotect.exe - tasklist.exe x64-IFEO: browserdefender.exe - tasklist.exe x64-IFEO: browserprotect.exe - tasklist.exe . Note: multiple IFEO entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-6-26 46392] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-6-26 77184] R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-4-22 379520] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-6-26 310952] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-22 2656280] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-4 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-4 76912] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-4-9 2430224] R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-6-26 94520] R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-6-26 210232] S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-17 74840] S3 ATMFBUS;A600 USB Composite Device Driver;C:\Windows\System32\drivers\ATMFBUS.sys [2012-9-6 63488] S3 ATMFCVsp;A600 Cricket CM Port;C:\Windows\System32\drivers\ATMFCVsp.sys [2012-9-6 166528] S3 ATMFFLT;A600 USB Modem Installation CD;C:\Windows\System32\drivers\ATMFFLT.sys [2012-9-6 15872] S3 ATMFMdm;A600 Cricket EVDO Modem;C:\Windows\System32\drivers\ATMFMdm.sys [2012-9-6 166528] S3 ATMFNET;A600 Cricket EVDO Network Adapter;C:\Windows\System32\drivers\ATMFNET.sys [2012-9-6 133632] S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;C:\Windows\System32\drivers\ATMFNVsp.sys [2012-9-6 166528] S3 ATMFVsp;A600 Cricket Diagnostics Port;C:\Windows\System32\drivers\ATMFVsp.sys [2012-9-6 166528] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-6 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-15 111616] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-2-14 31800] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2014-03-16 08:08:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-03-16 08:08:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-16 07:43:31 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C506D00-8FCC-484B-8131-DCBCD362D8B0}\offreg.dll 2014-03-16 06:58:41 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2014-03-16 06:53:02 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2014-03-16 06:52:35 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help 2014-03-16 06:33:21 -------- d-----w- C:\Program Files (x86)\Belarc 2014-03-16 06:12:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2014-03-16 06:12:48 366592 ----a-w- C:\Windows\System32\qdvd.dll 2014-03-16 02:21:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2014-03-16 02:21:25 -------- d-----w- C:\ProgramData\Malwarebytes 2014-03-16 01:59:19 -------- d-----w- C:\Windows\Migration 2014-03-16 01:47:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-03-16 01:24:33 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2014-03-16 01:22:26 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-16 01:22:25 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-16 01:22:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-16 01:22:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-03-16 01:21:02 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C506D00-8FCC-484B-8131-DCBCD362D8B0}\mpengine.dll 2014-02-24 16:16:03 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2014-02-24 16:16:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-02-24 16:16:03 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-02-24 16:16:03 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-02-21 22:37:23 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2014-02-21 22:37:23 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2014-02-21 22:37:23 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-02-21 22:37:23 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2014-02-17 01:48:52 548864 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-17 01:48:52 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll . ==================== Find3M ==================== . 2014-03-16 01:51:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-16 01:51:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-03-16 01:21:48 238128 ----a-w- C:\Windows\RegBootClean64.exe 2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-02-03 19:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll . ============= FINISH: 11:53:53.30 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/3/2012 8:41:27 AM System Uptime: 3/16/2014 11:47:18 AM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K54C Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU 1 | 2200/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 34.784 GiB free. D: is FIXED (NTFS) - 154 GiB total, 153.756 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP221: 3/15/2014 11:15:19 PM - Revo Uninstaller's restore point - Movies Toolbar for Internet Explorer (Dist. by Koyote-Lab, Inc.) RP222: 3/15/2014 11:19:07 PM - Revo Uninstaller's restore point - Torch RP223: 3/15/2014 11:22:21 PM - Revo Uninstaller's restore point - Sendori RP224: 3/16/2014 12:12:51 AM - Windows Update RP225: 3/16/2014 12:15:52 AM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300 RP226: 3/16/2014 12:16:57 AM - Windows Update RP227: 3/16/2014 12:42:54 AM - Revo Uninstaller's restore point - Microsoft Office 2010 RP228: 3/16/2014 12:43:16 AM - Removed Microsoft Office 2010 RP229: 3/16/2014 12:51:36 AM - Installed Microsoft Office Professional Plus 2010 RP230: 3/16/2014 1:21:05 AM - Windows Update RP231: 3/16/2014 1:43:37 AM - Windows Update . ==== Image File Execution Options ============= . IFEO: bitguard.exe - tasklist.exe IFEO: bprotect.exe - tasklist.exe IFEO: browserdefender.exe - tasklist.exe IFEO: browserprotect.exe - tasklist.exe x64-IFEO: bitguard.exe - tasklist.exe x64-IFEO: bprotect.exe - tasklist.exe x64-IFEO: browserdefender.exe - tasklist.exe x64-IFEO: browserprotect.exe - tasklist.exe . ==== Installed Programs ====================== . Adobe Flash Player 10 Plugin Adobe Flash Player 12 ActiveX Adobe Reader XI (11.0.06) Alcor Micro USB Card Reader AOL Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update Asmedia ASM104x USB 3.0 Host Controller Driver ATK Package Belarc Advisor 8.4 Bonjour CCleaner Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas Cricket Broadband 1.0 Cricket EVDO Modem CyberLink LabelPrint CyberLink Media Suite CyberLink Power2Go D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Fast Boot Free Video Converter V 3.2 Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live Google Update Helper HP Deskjet 1050 J410 series Basic Device Software HP Deskjet 1050 J410 series Help HP Deskjet 1050 J410 series Product Improvement Study HP Photo Creations HP Update InstantOn for NB Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics IrfanView (remove only) iTunes Java 7 Update 51 Java Auto Updater Junk Mail filter update LUMIX Simple Viewer Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 MyHeritage Family Tree Builder PHOTOfunSTUDIO -viewer- QuickLink Mobile QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Revo Uninstaller 1.95 Revo Uninstaller Pro 3.0.1 Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition Sonic Focus Synaptics Pointing Device Driver Trend Micro Titanium Trend Micro Titanium Maximum Security Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Walgreens PictureMover Windows Live Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash WinZip 17.0 Wireless Console 3 . ==== Event Viewer Messages From Past Week ======== . 3/16/2014 2:50:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition. 3/16/2014 2:50:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect. 3/16/2014 2:50:07 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/16/2014 2:50:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 3/16/2014 2:36:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 3/16/2014 2:36:28 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/16/2014 2:36:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} 3/15/2014 9:44:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service. 3/15/2014 8:14:24 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting. 3/15/2014 7:12:34 PM, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (20043514930CE4A11509). 3/15/2014 11:53:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 3/15/2014 11:52:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. 3/15/2014 11:52:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. 3/15/2014 11:51:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 3/15/2014 11:51:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service. 3/15/2014 11:50:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service. 3/15/2014 11:50:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 3/15/2014 11:49:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service. 3/15/2014 11:48:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service. 3/15/2014 11:48:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 3/15/2014 11:47:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service. 3/15/2014 11:04:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 3/15/2014 11:02:46 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 3/15/2014 10:41:43 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 3/15/2014 10:41:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/15/2014 10:41:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/15/2014 10:41:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/15/2014 10:41:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/15/2014 10:41:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO discache spldr tmactmon tmevtmgr tmtdi Wanarpv6 3/14/2014 4:11:31 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. . ==== End Of File ===========================
  13. BNDAZ
    was not able to copy paste logs I have attched them dds.txt attach.txt
  14. BNDAZ
    goign to run DDS and attach log shortly on that machine.
  15. BNDAZ
    been trying for days to run malwarebytes, normal mode safe mode, after running rkill( which finds nothing), atthe start of this at one point MWB indicated it had found 16 infections, but had locked up so i had to hard reboot to get the system running. Now everytime it runs it get about 1min 45 seconds in to C:\WINDOWS\SYSTEM32\NlsData003e.dll and the time elapsed counter stops and MWB just doesn progress past that point, i left it last time for an hour. if then i try to pause or canel the scan, the MWB windows goes gray and it says "not responding" next to malware bytes at the top left of the window. the whole system tehn become unresponsive. any direction on how to approach this? Thanks !
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.