
Got the FBI Cyber Crime ransomware mostly dealt with, but I still need a little help


  • This topic is locked
24 replies to this topic

#1 trent82

    New Member

  • Members
  • 13 posts

Posted 04 September 2013 - 05:46 AM

I got the FBI Cyber Crime ransomware discussed at this Bot Crawl link:

http://botcrawl.com/...division-virus/

 

I was able to get the task manager to load and access my desktop in safe mode and made a second user account. From there I followed the basic advice at the link I provided. Meaning, I downloaded and ran the Malwarebytes software from the second account and I seem to have mostly fixed my problem.

 

Now that the main symptoms are gone, I still have a startup issue that I need some help with.  I'm running Windows 8 Pro and after I log in at startup, instead of loading the metro interface as normal, a command prompt pops up with the following message:

 

C:\Users\*my first name*\appData\local\Ug3Q9mG3o\4UBhzS3S1.exe  is not recognized as an internal or external command operable program or batch file.

 

I'm thinking that this .exe file was one that the Malwarebytes software removed, but I'm not positive.

 

Nothing happens beyond that.  It's just a black screen with a command prompt.  I can close the command prompt and CTRL+ALT+DEL to bring up task manager and start explorer.exe from there and use my computer as normal from there.  But it would be nice to just get things back to normal.  The second account does not have this problem at all.  I've considered migrating over to a new account, but my primary account is also my Windows Live ID and I would like to keep that functionality.  I tried the Windows 8 refresh option, but it just got to 99% and stayed there for hours.  I see other people online saying that you need a Windows 8 disc to use this feature, and I don't have that...I downloaded it directly from Microsoft during that promotion last fall.

 

As a secondary question, is there a way to delete the temporary internet files stored in the Content.IE5 folder?  My Malwarebytes scan took almost 10 hours and I think half of that was going through gigs of temporary internet files stored in that folder.  I would have assumed that simply going into IE and choosing to delete temporary internet files would do the trick, but I feel like I've done that enough that there shouldn't be hundreds of thousands of files in the Content.IE5 folder.  All of this is happening within the Windows.old directory, so I'm wondering if there is a different way to deal with these files.
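Added example for readers of this thread; it is not code from the thread, from MrC's instructions, or from RogueKiller, FRST or Malwarebytes. The logs posted later in the thread flag a per-user Winlogon Shell of cmd.exe and a Command Processor AutoRun pointing at the executable under Ug3Q9mG3o, which together explain the symptom in post #1: Winlogon starts cmd.exe instead of explorer.exe, cmd.exe then runs its AutoRun value, and once Malwarebytes has deleted that file the only thing left is the "is not recognized as an internal or external command" message. The script below audits exactly those persistence points (plus the IE proxy that RogueKiller reported) and reports whether each referenced file still exists. It is report-only and changes nothing; the registry paths are the standard Windows locations, the function names are my own, and it assumes PowerShell 3.0 or later. Run it from the affected account, since the values live under HKCU and the temporary account will not show them.

```powershell
# Added example (not from the forum thread or the tools it mentions).
# Audits the per-user/machine logon persistence points that appear in the
# RogueKiller and FRST logs: Winlogon Shell, Command Processor AutoRun and
# the IE ProxyServer. Report-only: nothing is modified.

function Get-RegValue {
    # Returns a registry value or $null when the key or value is absent.
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-CommandTarget {
    # First token of a command line, handling the quoted form seen in the
    # RogueKiller log ("C:\...\4UBhzS3S1.exe") and the bare form (cmd.exe).
    param([string]$CommandLine)
    $token = if ($CommandLine -match '^\s*"([^"]+)"') { $Matches[1] }
             else { ($CommandLine.Trim() -split '\s+')[0] }
    $token = [Environment]::ExpandEnvironmentVariables($token)
    if ([IO.Path]::IsPathRooted($token)) { return $token }
    $cmd = Get-Command $token -ErrorAction SilentlyContinue   # resolve via PATH
    if ($cmd) { return $cmd.Source } else { return $token }
}

function Test-LogonPersistence {
    $findings = @()

    # 1. Winlogon Shell: the program Winlogon launches after logon. Per-user it
    #    is normally absent; machine-wide it must be explorer.exe. A value of
    #    cmd.exe is why a black screen with a command prompt appears instead
    #    of the desktop.
    foreach ($hive in 'HKCU', 'HKLM') {
        $shell = Get-RegValue "$($hive):\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" 'Shell'
        if ($shell -and $shell -notmatch '^(")?explorer\.exe(")?\s*$') {
            $findings += "[$hive] Winlogon Shell = '$shell' (expected explorer.exe)"
        }
    }

    # 2. Command Processor AutoRun: a command line cmd.exe executes every time
    #    it starts (unless started with /d). Shell=cmd.exe chained with
    #    AutoRun=<payload> runs the payload at every logon. Once the payload
    #    file has been deleted, cmd.exe prints "... is not recognized as an
    #    internal or external command" and nothing else happens.
    foreach ($hive in 'HKCU', 'HKLM') {
        $autorun = Get-RegValue "$($hive):\Software\Microsoft\Command Processor" 'AutoRun'
        if ($autorun) {
            $target = Get-CommandTarget $autorun
            $state = if (Test-Path -LiteralPath $target) { 'target exists' } else { 'target missing' }
            $findings += "[$hive] Command Processor AutoRun = '$autorun' ($state)"
        }
    }

    # 3. IE proxy: a proxy the user never configured routes browser traffic
    #    through a third party; report it together with whether it is enabled.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $proxy = Get-RegValue $inet 'ProxyServer'
    if ($proxy) {
        $enabled = Get-RegValue $inet 'ProxyEnable'
        $findings += "[HKCU] ProxyServer = '$proxy' (ProxyEnable = $enabled)"
    }

    return $findings
}

$result = Test-LogonPersistence
if ($result.Count -eq 0) {
    Write-Output 'No Winlogon Shell, AutoRun or proxy overrides found.'
} else {
    $result | ForEach-Object { Write-Output $_ }
}
```

The output is the same set of entries MrC asks to have ticked in RogueKiller's Registry tab later in the thread, so it is a quick way to confirm, after the cleanup, that the Shell and AutoRun overrides are gone and the proxy no longer points at an address you never set.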



#2 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 September 2013 - 07:11 AM

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

  • The removal of malware isn't instantaneous, please be patient.

  • When we are done, I'll give you instructions on how to clean up all the tools and logs.

  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 trent82

    New Member

  • Members
  • 13 posts

Posted 04 September 2013 - 08:54 AM

RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 32 bits version
Started in : Normal mode
User : *my name* [Admin rights]
Mode : Scan -- Date : 09/04/2013 09:51:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (133.242.144.168:3128) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[AUTORUN] HKCU\[...]\Command Processor : AutoRun ("C:\Users\*my name*\AppData\Local\Ug3Q9mG3o\4UBhzS3S1.exe") -> FOUND
[AUTORUN] HKCU\[...]\Command Processor : AutoRun ("C:\Users\*my name*\AppData\Local\Ug3Q9mG3o\4UBhzS3S1.exe") -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] {9A2C08F6-5EB9-4FBF-8704-16F5D4766132}.job : C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad\ecaaeafabddfad.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75SBA0 +++++
--- User ---
[MBR] 52e0d3ceb41369d34eece95023a7795c
[BSP] 33e870195992370a52af789e14cb7fe0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-75SBA0 +++++
--- User ---
[MBR] d21a4ecfd1aa5ae3c531e602189cd539
[BSP] 98505dec7c335decb522b9006cb78a7c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09042013_095131.txt >>

 

 



#4 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 September 2013 - 09:03 AM

Did you set this proxy:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (133.242.144.168:3128) -> FOUND

-----------------------------------

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[AUTORUN] HKCU\[...]\Command Processor : AutoRun ("C:\Users\*my name*\AppData\Local\Ug3Q9mG3o\4UBhzS3S1.exe") -> FOUND
[AUTORUN] HKCU\[...]\Command Processor : AutoRun ("C:\Users\*my name*\AppData\Local\Ug3Q9mG3o\4UBhzS3S1.exe") -> FOUND
[V1][SUSP PATH] {9A2C08F6-5EB9-4FBF-8704-16F5D4766132}.job : C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad\ecaaeafabddfad.exe [x] -> FOUND


Now click Delete on the right hand column under Options

-------------

Then.....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC



#5 trent82

    New Member

  • Members
  • 13 posts

Posted 04 September 2013 - 10:03 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03
Ran by *my name* (administrator) on *my name*-PC on 04-09-2013 10:45:26
Running from C:\Users\*my name*\Desktop\FRST
Microsoft Windows 8 Pro (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\system32\CTsvcCDA.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\WINDOWS\system32\lxducoms.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\system32\PnkBstrA.exe
(Rovi Corporation) C:\Program Files\Rovi\Rovi Player\RNowSvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\STacSV.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Rovi Corporation) C:\Program Files\Rovi\Rovi Player\RNowShell.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(Rovi Corporation) C:\Program Files\Rovi\Rovi Player\CNRpc.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RoxioNowMediaManagerApp] - C:\Program Files\Rovi\Rovi Player\RNowShell.exe [4777352 2012-12-27] (Rovi Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [lxdumon.exe] - C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2008-05-29] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [131752 2008-05-29] (Lexmark International Inc.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKCU\...\Winlogon: [Shell] cmd.exe [349696 2012-07-25] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor:  <======= ATTENTION
HKU\Mcx1\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [ 2012-07-25] (Microsoft Corporation)
HKU\Mcx1\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2012-07-25] (Microsoft Corporation)
HKU\Mcx2-*my name*-PC\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [ 2012-07-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 133.242.144.168:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theninhot.../news/index.php
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 204.186.80.229 216.144.187.101 216.144.187.199

FireFox:
========
FF ProfilePath: C:\Users\*my name*\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default
FF user.js: detected! => C:\Users\*my name*\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\*my name*\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\*my name*\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\*my name*\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: abb - C:\Users\*my name*\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\Extensions\abb@amazon.com.xpi
FF Extension: amznUWL2 - C:\Users\*my name*\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\Extensions\amznUWL2@amazon.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] C:\Users\*my name*\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\*my name*\AppData\Roaming\Move Networks

========================== Services (Whitelisted) =================

R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-03-04] (Amazon.com)
R2 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2007-05-04] (Creative Labs)
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2006-12-19] (Creative Technology Ltd)
S2 gupdate1c9d10965fc5000; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-09] (Google Inc.)
S2 lxduCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-23] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-23] ( )
R2 MSMQ; C:\Windows\system32\mqsvc.exe [24064 2012-07-25] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-08-04] ()
R2 RNow Service; C:\Program Files\Rovi\Rovi Player\RNowSvc.exe [176520 2012-12-27] (Rovi Corporation)
R2 STacSV; C:\WINDOWS\system32\STacSV.exe [90112 2007-02-08] (SigmaTel, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R3 e1express; C:\Windows\system32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 MpKsle9abe226; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{642AB80E-62CD-489D-82B7-1668E477E653}\MpKsle9abe226.sys [29904 2013-09-04] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141312 2012-07-25] (Microsoft Corporation)
R3 STHDA; C:\Windows\system32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [68608 2012-07-25] (Microsoft Corporation)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-04 10:44 - 2013-09-04 10:44 - 00000000 ____D C:\Users\*my name*\Desktop\FRST
2013-09-04 10:42 - 2013-09-04 10:42 - 00003168 _____ C:\Users\*my name*\Desktop\RKreport[0]_D_09042013_104254.txt
2013-09-04 10:40 - 2013-09-04 10:40 - 00003191 _____ C:\Users\*my name*\Desktop\RKreport[0]_S_09042013_104024.txt
2013-09-04 09:51 - 2013-09-04 09:53 - 00003178 _____ C:\Users\*my name*\Desktop\RKreport[0]_S_09042013_095131.txt
2013-09-04 09:48 - 2013-09-04 10:42 - 00000000 ____D C:\Users\*my name*\Desktop\RK_Quarantine
2013-09-04 09:28 - 2013-09-04 09:28 - 00918016 _____ C:\Users\*my name*\Desktop\RogueKiller.exe
2013-09-04 06:46 - 2013-09-04 06:46 - 00000212 _____ C:\Users\*my name*\Desktop\Malware bytes Forum.url
2013-09-03 10:49 - 2013-09-03 10:49 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Malwarebytes
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-03 10:49 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-03 10:48 - 2013-09-03 10:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\temp account\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-03 10:46 - 2013-09-03 10:46 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Adobe
2013-09-03 10:46 - 2013-09-03 10:46 - 00000000 ____D C:\Users\temp account\AppData\Local\Macromedia
2013-09-03 10:37 - 2013-09-03 10:38 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Mozilla
2013-09-03 10:37 - 2013-09-03 10:37 - 00000000 ____D C:\Users\temp account\AppData\Local\Mozilla
2013-09-03 10:36 - 2013-09-03 10:37 - 00000000 ____D C:\Users\temp account
2013-09-03 10:36 - 2013-09-03 10:36 - 00000020 ___SH C:\Users\temp account\ntuser.ini
2013-09-03 10:36 - 2012-12-19 00:38 - 00000000 ____D C:\Users\temp account\Documents\Visual Studio 2010
2013-09-03 10:36 - 2012-12-19 00:38 - 00000000 ____D C:\Users\temp account\Documents\Visual Studio 2005
2013-09-03 10:36 - 2012-12-19 00:38 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Macromedia
2013-09-03 10:36 - 2012-12-19 00:38 - 00000000 ____D C:\Users\temp account\AppData\Local\Microsoft Help
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\1et5kFzy
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Local\1NcMWaK8Rd
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\ProgramData\tc2WEAm0Xq
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\XHAcHbKgq
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\Users\*my name*\AppData\Local\d90x1z4dXDS
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\ProgramData\2m30GOli3BB
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\3t6Ny17mVcP
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Local\MCJYXEyz0H
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\ProgramData\UJgTUQTWLJh
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\rCxS2ITVez
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Local\EcKA8WhQ6vg
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\ProgramData\gzwkCaw0YQ
2013-09-03 07:15 - 2013-09-03 13:34 - 00000000 ___HD C:\$SysReset
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\mKIMiEO9e4
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Local\9vI67T8jKw
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\ProgramData\N7Q0RKAcWJU
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\VjjSDRTljC
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Local\mgFbZl7Itq
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\ProgramData\hkZspQyP
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\j9vpKLFd
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\Users\*my name*\AppData\Local\JzXDli55dm
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\ProgramData\zoEnZWhWjb
2013-09-03 05:07 - 2013-09-04 03:48 - 00000000 ____D C:\Users\*my name*\AppData\Local\Ug3Q9mG3o
2013-09-03 05:07 - 2013-09-03 06:44 - 00000000 ____D C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad
2013-09-03 05:07 - 2013-09-03 05:07 - 00000000 _____ C:\Users\*my name*\googleupdate.exe
2013-09-02 06:55 - 2013-09-02 06:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-613928674.txt
2013-09-02 06:23 - 2013-09-02 06:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-612044634.txt
2013-08-30 14:18 - 2013-08-30 14:18 - 00000118 _____ C:\Users\*my name*\Desktop\Every 2 Minutes.url
2013-08-30 03:12 - 2013-08-30 03:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-341375365.txt
2013-08-30 03:12 - 2013-08-30 03:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-341375178.txt
2013-08-28 04:35 - 2013-08-28 04:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-173532423.txt
2013-08-28 04:35 - 2013-08-28 04:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-173531752.txt
2013-08-26 09:42 - 2013-08-27 14:44 - 00000000 ____D C:\Users\*my name*\Desktop\Hesitation Marks
2013-08-26 08:32 - 2013-08-26 08:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-14978045.txt
2013-08-26 07:52 - 2013-08-26 07:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-12598422.txt
2013-08-26 04:23 - 2013-08-26 04:23 - 00144520 _____ C:\WINDOWS\Minidump\082613-41589-01.dmp
2013-08-26 04:17 - 2013-08-26 01:09 - 00000000 ____D C:\Users\*my name*\Desktop\NIN Tour Rehearsal 2013
2013-08-26 02:05 - 2013-08-26 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-598444358.txt
2013-08-26 02:05 - 2013-08-26 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-598437307.txt
2013-08-25 12:17 - 2013-09-02 14:21 - 00000439 _____ C:\Users\*my name*\Desktop\PS4.txt
2013-08-25 03:16 - 2013-08-25 03:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-516277009.txt
2013-08-25 03:16 - 2013-08-25 03:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-516275449.txt
2013-08-22 02:22 - 2013-08-22 02:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-253843079.txt
2013-08-22 02:22 - 2013-08-22 02:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-253841800.txt
2013-08-20 03:03 - 2013-08-20 03:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-83510751.txt
2013-08-20 03:03 - 2013-08-20 03:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-83510408.txt
2013-08-19 17:04 - 2013-08-19 17:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-47571771.txt
2013-08-19 17:01 - 2013-08-19 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-47387128.txt
2013-08-19 03:52 - 2013-08-19 03:52 - 00144520 _____ C:\WINDOWS\Minidump\081913-45848-01.dmp
2013-08-18 07:19 - 2013-08-30 10:52 - 00000502 _____ C:\Users\*my name*\Desktop\VUDU.txt
2013-08-17 12:04 - 2013-08-17 12:04 - 00000000 ____D C:\Program Files\Origin Games
2013-08-17 12:03 - 2013-08-17 12:04 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Origin
2013-08-17 12:03 - 2013-08-17 12:04 - 00000000 ____D C:\Users\*my name*\AppData\Local\Origin
2013-08-17 12:01 - 2013-08-17 12:04 - 00000000 ____D C:\ProgramData\Origin
2013-08-17 12:01 - 2013-08-17 12:03 - 00000000 ____D C:\Program Files\Origin
2013-08-17 12:01 - 2013-08-17 12:01 - 00000943 _____ C:\Users\Public\Desktop\Origin.lnk
2013-08-17 12:01 - 2013-08-17 12:01 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-17 05:33 - 2013-08-17 05:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 01:57 - 2013-08-16 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-744139245.txt
2013-08-16 01:57 - 2013-08-16 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-744136469.txt
2013-08-15 01:57 - 2013-08-15 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-657762428.txt
2013-08-15 01:57 - 2013-08-15 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-657759011.txt
2013-08-13 02:00 - 2013-08-13 02:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-485150691.txt
2013-08-13 01:28 - 2013-08-13 01:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-483207387.txt
2013-08-12 00:09 - 2013-08-12 00:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-392091742.txt
2013-08-12 00:09 - 2013-08-12 00:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-392088030.txt
2013-08-10 23:04 - 2013-08-10 23:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-301755261.txt
2013-08-10 23:04 - 2013-08-10 23:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-301753560.txt
2013-08-10 15:59 - 2013-08-10 15:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-276283885.txt
2013-08-10 15:26 - 2013-08-10 15:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-274267058.txt
2013-08-10 06:58 - 2013-08-10 06:58 - 00000000 ____D C:\Users\*my name*\Documents\SavedGames
2013-08-10 00:40 - 2013-08-10 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-221119529.txt
2013-08-10 00:40 - 2013-08-10 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-221119389.txt
2013-08-09 02:27 - 2013-08-09 02:27 - 00000000 ____D C:\Users\*my name*\Documents\Facepalm Games
2013-08-09 01:44 - 2013-08-09 01:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-138548668.txt
2013-08-09 01:44 - 2013-08-09 01:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-138548528.txt
2013-08-08 13:44 - 2013-08-08 13:44 - 00000000 ____D C:\Users\*my name*\Documents\Klei
2013-08-08 02:14 - 2013-08-08 02:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-53936908.txt
2013-08-08 02:14 - 2013-08-08 02:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-53936503.txt
2013-08-07 05:30 - 2013-08-07 05:30 - 00000000 ____D C:\Users\*my name*\.revenge_of_the_titans_1.80
2013-08-07 05:29 - 2013-08-07 05:30 - 00000000 ____D C:\Users\*my name*\AppData\Local\RevengeOfTheTitans
2013-08-05 12:33 - 2013-08-05 12:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-427351697.txt
2013-08-05 12:33 - 2013-08-05 12:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-427349294.txt
2013-08-05 07:27 - 2013-08-05 07:27 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2013-08-05 07:27 - 2013-08-05 07:27 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Catalina – Print Savings
2013-08-05 01:25 - 2013-08-05 01:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-387256959.txt
2013-08-05 01:25 - 2013-08-05 01:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-387256788.txt

==================== One Month Modified Files and Folders =======

2013-09-04 10:45 - 2013-09-04 10:45 - 00000000 ____D C:\FRST
2013-09-04 10:44 - 2013-09-04 10:44 - 00000000 ____D C:\Users\*my name*\Desktop\FRST
2013-09-04 10:42 - 2013-09-04 10:42 - 00003168 _____ C:\Users\*my name*\Desktop\RKreport[0]_D_09042013_104254.txt
2013-09-04 10:42 - 2013-09-04 09:48 - 00000000 ____D C:\Users\*my name*\Desktop\RK_Quarantine
2013-09-04 10:40 - 2013-09-04 10:40 - 00003191 _____ C:\Users\*my name*\Desktop\RKreport[0]_S_09042013_104024.txt
2013-09-04 10:19 - 2012-04-17 10:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-04 10:00 - 2012-07-26 02:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-04 09:58 - 2009-06-30 02:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 09:53 - 2013-09-04 09:51 - 00003178 _____ C:\Users\*my name*\Desktop\RKreport[0]_S_09042013_095131.txt
2013-09-04 09:42 - 2013-07-28 14:35 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Azureus
2013-09-04 09:28 - 2013-09-04 09:28 - 00918016 _____ C:\Users\*my name*\Desktop\RogueKiller.exe
2013-09-04 06:56 - 2012-07-26 02:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-04 06:46 - 2013-09-04 06:46 - 00000212 _____ C:\Users\*my name*\Desktop\Malware bytes Forum.url
2013-09-04 05:05 - 2012-12-19 01:07 - 01160802 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-04 05:03 - 2009-06-30 02:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 05:02 - 2012-07-26 02:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-04 04:29 - 2012-07-26 00:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-04 03:49 - 2012-12-19 00:15 - 00109258 _____ C:\WINDOWS\PFRO.log
2013-09-04 03:48 - 2013-09-03 05:07 - 00000000 ____D C:\Users\*my name*\AppData\Local\Ug3Q9mG3o
2013-09-04 03:48 - 2012-12-19 00:23 - 00000000 ____D C:\Users\*my name*
2013-09-03 13:34 - 2013-09-03 07:15 - 00000000 ___HD C:\$SysReset
2013-09-03 11:16 - 2009-10-24 17:27 - 00000000 __SHD C:\Recovery
2013-09-03 10:49 - 2013-09-03 10:49 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Malwarebytes
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-03 10:49 - 2013-09-03 10:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-03 10:48 - 2013-09-03 10:48 - 10285040 _____ (Malwarebytes Corporation) C:\Users\temp account\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-03 10:46 - 2013-09-03 10:46 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Adobe
2013-09-03 10:46 - 2013-09-03 10:46 - 00000000 ____D C:\Users\temp account\AppData\Local\Macromedia
2013-09-03 10:38 - 2013-09-03 10:37 - 00000000 ____D C:\Users\temp account\AppData\Roaming\Mozilla
2013-09-03 10:37 - 2013-09-03 10:37 - 00000000 ____D C:\Users\temp account\AppData\Local\Mozilla
2013-09-03 10:37 - 2013-09-03 10:36 - 00000000 ____D C:\Users\temp account
2013-09-03 10:36 - 2013-09-03 10:36 - 00000020 ___SH C:\Users\temp account\ntuser.ini
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\1et5kFzy
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Local\1NcMWaK8Rd
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\ProgramData\tc2WEAm0Xq
2013-09-03 09:50 - 2013-09-03 09:51 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\XHAcHbKgq
2013-09-03 09:50 - 2013-09-03 09:51 - 00182272 _____ C:\Users\*my name*\AppData\Local\d90x1z4dXDS
2013-09-03 09:50 - 2013-09-03 09:51 - 00182272 _____ C:\ProgramData\2m30GOli3BB
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\3t6Ny17mVcP
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Local\MCJYXEyz0H
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\ProgramData\UJgTUQTWLJh
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\rCxS2ITVez
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Local\EcKA8WhQ6vg
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\ProgramData\gzwkCaw0YQ
2013-09-03 06:44 - 2013-09-03 05:07 - 00000000 ____D C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad
2013-09-03 05:40 - 2012-12-03 17:43 - 00000000 ____D C:\WINDOWS\pss
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\mKIMiEO9e4
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Local\9vI67T8jKw
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\ProgramData\N7Q0RKAcWJU
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\VjjSDRTljC
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Local\mgFbZl7Itq
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\ProgramData\hkZspQyP
2013-09-03 05:07 - 2013-09-03 05:08 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\j9vpKLFd
2013-09-03 05:07 - 2013-09-03 05:08 - 00182272 _____ C:\Users\*my name*\AppData\Local\JzXDli55dm
2013-09-03 05:07 - 2013-09-03 05:08 - 00182272 _____ C:\ProgramData\zoEnZWhWjb
2013-09-03 05:07 - 2013-09-03 05:07 - 00000000 _____ C:\Users\*my name*\googleupdate.exe
2013-09-02 14:29 - 2010-04-07 08:38 - 00000000 ____D C:\Users\*my name*\Desktop\Misc
2013-09-02 14:21 - 2013-08-25 12:17 - 00000439 _____ C:\Users\*my name*\Desktop\PS4.txt
2013-09-02 06:55 - 2013-09-02 06:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-613928674.txt
2013-09-02 06:23 - 2013-09-02 06:23 - 00000117 _____ C:\WINDOWS\system32\netcfg-612044634.txt
2013-08-31 13:57 - 2012-07-26 02:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-31 09:55 - 2013-08-02 03:47 - 00000403 _____ C:\Users\*my name*\Desktop\sep.txt
2013-08-31 08:20 - 2008-01-09 21:58 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-08-30 14:18 - 2013-08-30 14:18 - 00000118 _____ C:\Users\*my name*\Desktop\Every 2 Minutes.url
2013-08-30 10:52 - 2013-08-18 07:19 - 00000502 _____ C:\Users\*my name*\Desktop\VUDU.txt
2013-08-30 03:12 - 2013-08-30 03:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-341375365.txt
2013-08-30 03:12 - 2013-08-30 03:12 - 00000117 _____ C:\WINDOWS\system32\netcfg-341375178.txt
2013-08-29 07:13 - 2013-07-24 01:42 - 00000000 ____D C:\Users\*my name*\Documents\Telltale Games
2013-08-28 04:35 - 2013-08-28 04:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-173532423.txt
2013-08-28 04:35 - 2013-08-28 04:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-173531752.txt
2013-08-27 14:44 - 2013-08-26 09:42 - 00000000 ____D C:\Users\*my name*\Desktop\Hesitation Marks
2013-08-26 08:32 - 2013-08-26 08:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-14978045.txt
2013-08-26 07:52 - 2013-08-26 07:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-12598422.txt
2013-08-26 04:23 - 2013-08-26 04:23 - 00144520 _____ C:\WINDOWS\Minidump\082613-41589-01.dmp
2013-08-26 04:23 - 2013-02-04 05:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-26 02:05 - 2013-08-26 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-598444358.txt
2013-08-26 02:05 - 2013-08-26 02:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-598437307.txt
2013-08-26 01:09 - 2013-08-26 04:17 - 00000000 ____D C:\Users\*my name*\Desktop\NIN Tour Rehearsal 2013
2013-08-25 15:12 - 2010-01-11 18:13 - 00000000 ____D C:\ProgramData\Lx_cats
2013-08-25 03:16 - 2013-08-25 03:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-516277009.txt
2013-08-25 03:16 - 2013-08-25 03:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-516275449.txt
2013-08-22 02:22 - 2013-08-22 02:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-253843079.txt
2013-08-22 02:22 - 2013-08-22 02:22 - 00000117 _____ C:\WINDOWS\system32\netcfg-253841800.txt
2013-08-20 03:03 - 2013-08-20 03:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-83510751.txt
2013-08-20 03:03 - 2013-08-20 03:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-83510408.txt
2013-08-19 17:04 - 2013-08-19 17:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-47571771.txt
2013-08-19 17:01 - 2013-08-19 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-47387128.txt
2013-08-19 03:52 - 2013-08-19 03:52 - 00144520 _____ C:\WINDOWS\Minidump\081913-45848-01.dmp
2013-08-19 03:51 - 2012-04-26 11:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 02:55 - 2012-12-19 00:21 - 01049090 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-17 12:04 - 2013-08-17 12:04 - 00000000 ____D C:\Program Files\Origin Games
2013-08-17 12:04 - 2013-08-17 12:03 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Origin
2013-08-17 12:04 - 2013-08-17 12:03 - 00000000 ____D C:\Users\*my name*\AppData\Local\Origin
2013-08-17 12:04 - 2013-08-17 12:01 - 00000000 ____D C:\ProgramData\Origin
2013-08-17 12:03 - 2013-08-17 12:01 - 00000000 ____D C:\Program Files\Origin
2013-08-17 12:01 - 2013-08-17 12:01 - 00000943 _____ C:\Users\Public\Desktop\Origin.lnk
2013-08-17 12:01 - 2013-08-17 12:01 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-17 05:34 - 2013-08-17 05:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 01:57 - 2013-08-16 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-744139245.txt
2013-08-16 01:57 - 2013-08-16 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-744136469.txt
2013-08-15 15:51 - 2012-01-18 22:18 - 00000000 ____D C:\Users\*my name*\Desktop\Upcoming Auctions
2013-08-15 01:57 - 2013-08-15 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-657762428.txt
2013-08-15 01:57 - 2013-08-15 01:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-657759011.txt
2013-08-13 02:00 - 2013-08-13 02:00 - 00000117 _____ C:\WINDOWS\system32\netcfg-485150691.txt
2013-08-13 01:28 - 2013-08-13 01:28 - 00000117 _____ C:\WINDOWS\system32\netcfg-483207387.txt
2013-08-12 00:09 - 2013-08-12 00:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-392091742.txt
2013-08-12 00:09 - 2013-08-12 00:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-392088030.txt
2013-08-11 13:53 - 2010-06-23 07:31 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\vlc
2013-08-10 23:04 - 2013-08-10 23:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-301755261.txt
2013-08-10 23:04 - 2013-08-10 23:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-301753560.txt
2013-08-10 15:59 - 2013-08-10 15:59 - 00000117 _____ C:\WINDOWS\system32\netcfg-276283885.txt
2013-08-10 15:26 - 2013-08-10 15:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-274267058.txt
2013-08-10 06:58 - 2013-08-10 06:58 - 00000000 ____D C:\Users\*my name*\Documents\SavedGames
2013-08-10 03:08 - 2007-05-09 19:35 - 00000000 ____D C:\Users\*my name*\Documents\My Games
2013-08-10 00:40 - 2013-08-10 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-221119529.txt
2013-08-10 00:40 - 2013-08-10 00:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-221119389.txt
2013-08-09 02:27 - 2013-08-09 02:27 - 00000000 ____D C:\Users\*my name*\Documents\Facepalm Games
2013-08-09 01:44 - 2013-08-09 01:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-138548668.txt
2013-08-09 01:44 - 2013-08-09 01:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-138548528.txt
2013-08-08 13:44 - 2013-08-08 13:44 - 00000000 ____D C:\Users\*my name*\Documents\Klei
2013-08-08 11:04 - 2007-05-04 10:42 - 00444952 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-08-08 11:04 - 2007-05-04 10:42 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-08-08 02:14 - 2013-08-08 02:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-53936908.txt
2013-08-08 02:14 - 2013-08-08 02:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-53936503.txt
2013-08-07 05:30 - 2013-08-07 05:30 - 00000000 ____D C:\Users\*my name*\.revenge_of_the_titans_1.80
2013-08-07 05:30 - 2013-08-07 05:29 - 00000000 ____D C:\Users\*my name*\AppData\Local\RevengeOfTheTitans
2013-08-07 04:22 - 2009-10-03 09:03 - 00238872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-08-05 12:33 - 2013-08-05 12:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-427351697.txt
2013-08-05 12:33 - 2013-08-05 12:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-427349294.txt
2013-08-05 07:27 - 2013-08-05 07:27 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina – Print Savings
2013-08-05 07:27 - 2013-08-05 07:27 - 00000000 ____D C:\Users\*my name*\AppData\Roaming\Catalina – Print Savings
2013-08-05 01:25 - 2013-08-05 01:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-387256959.txt
2013-08-05 01:25 - 2013-08-05 01:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-387256788.txt

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\*my name*\googleupdate.exe
C:\Users\*my name*\AppData\Local\Temp\bridj.dll367684967795927985.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_1033402737295619661.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_1374009784686961977.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_168501334270526375.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_1786023623424546707.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_1880546538327620977.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_212498359278774640.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_2957820244428391576.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_3002203816100618690.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_3167808014486838182.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_3390265771174223819.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_3646865801291940422.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_3775643133410590924.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_4097647285272706788.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_4331729582409838469.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_4553700514036307431.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_4768486470920695187.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5005481279999448618.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5015246091943901781.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5226444043394988794.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5373101815994067549.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5415437269614350576.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5434943737371610438.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5795647461605282034.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_5817995110036045281.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_6043479637182731802.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_6065746854150642249.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_6360190079244580666.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_6684523317715916384.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_6972740608767188608.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_7566874645821333536.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_7814664886486649879.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_8085007165840588142.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_8134966587687360982.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_8501136303619263748.dll
C:\Users\*my name*\AppData\Local\Temp\clipstreamsa_8808627945553430244.dll
C:\Users\*my name*\AppData\Local\Temp\i4jdel0.exe
C:\Users\*my name*\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\*my name*\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\CustomText.1033.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\DeleteTemp.exe
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\dlmgr.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\ExpressUI.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\gencomp.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\HtmlLite.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\RebootStub.exe
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\setup.exe
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\setupres.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\SITSetup.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\vs70uimgr.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\vsbasereqs.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\vsscenario.dll
C:\Users\*my name*\AppData\Local\Temp\SIT25903.tmp\vs_setup.dll
C:\Users\*my name*\AppData\Local\Temp\SDIAG_6093b447-558f-44d3-9f44-b6592fa35295\NetworkDiagnosticSnapIn.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-07-25 19:11] - [2012-07-25 23:50] - 2114936 ____A (Microsoft Corporation) 5B6ED1B57DBFF18D405A0260559B571E

C:\Windows\System32\winlogon.exe
[2012-07-25 19:55] - [2012-07-25 23:21] - 0411648 ____A (Microsoft Corporation) C06BA1F360CEF6AB51F41B3D0D5FE92D

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-07-25 20:01] - [2012-07-25 23:20] - 0023040 ____A (Microsoft Corporation) 0A175AF8B65797BD22C11903A8BFEB2D

C:\Windows\System32\services.exe
[2012-07-26 00:17] - [2012-07-26 00:17] - 0333312 ____A (Microsoft Corporation) 575FB4211BB07DB7D2179B1B05FE7EFD

C:\Windows\System32\User32.dll
[2012-07-25 20:03] - [2012-07-25 23:20] - 1171968 ____A (Microsoft Corporation) 4A18E559ECE09C7A1021CEFEC22F0BE6

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-04 05:36

==================== End Of Log ============================



#6 trent82

Posted 04 September 2013 - 10:07 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 03
Ran by *my name* at 2013-09-04 10:46:17
Running from C:\Users\*my name*\Desktop\FRST
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
AC3Filter 2.5b (Version: 2.5b)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3 Uploader (Version: 1.0.8)
Amazon Unbox Video (Version: 2.1.0.124)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
And Yet It Moves
APC PowerChute Personal Edition (Version: 2.0)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4719.35969)
ATI AVIVO Codecs (Version: 11.6.0.50930)
ATI Problem Report Wizard (Version: 3.0.795.0)
Audiosurf Demo
Auditorium
AutoUpdate (Version: 1.1)
Awesomenauts
Bing Bar (Version: 7.0.614.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BIT.TRIP BEAT
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
BIT.TRIP RUNNER
Blocks That Matter
Bonjour (Version: 3.0.0.10)
Borderlands
Braid
Catalina Savings Printer (Version: 1.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
Cave Story+
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility (Version: 2012.1219.1521.27485)
Consumer Complete Care Services Agreement (Version: 1.10.0000)
ControlMK 0.232 (Version: 0.232)
Counter-Strike: Source
Coupon Printer for Windows (Version: 5.0.0.0)
Creative MediaSource 5 (Version: 5.00)
D3DX10 (Version: 15.4.2368.0902)
Defense Grid: The Awakening
Dell System Customization Wizard (Version: 1.00.0000)
DivX Codec (Version: 6.8.3)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.0)
Documentation & Support Launcher (Version: 1.00.0000)
Don't Starve
Eufloria
Far Cry (Patch 1.4) (Version: 1.00.0000)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Flight Control HD
Flixster Collections (Version: 1.0.73)
Free M4a to MP3 Converter 7.1
FTL: Faster Than Light
Game Room (Version: 1.0.0001.131)
Games, Music, & Photos Launcher (Version: 1.00.0000)
GameSpot Download Manager
GameSpy Arcade
GIMP 2.8.0 (Version: 2.8.0)
Google Desktop (Version: -)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.153)
Gunpoint
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life Deathmatch: Source
Half-Life: Source
Halo 2 for Windows Vista
Halo 2 for Windows Vista (Version: 1.0.0.0)
Halo 2 Map Editor (Version: 1.00.0000)
Handbrake 0.9.2 (Version: 0.9.2)
Hotline Miami
HydraVision (Version: 4.2.180.0)
iCloud (Version: 1.1.0.40)
Intel AppUp(SM) center (Version: 13747)
Intel® Matrix Storage Manager
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 10.7.0.21)
Jamestown
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
JDownloader
Junk Mail filter update (Version: 15.4.3502.0922)
Kentucky Route Zero
K-Lite Codec Pack 9.1.0 (Full) (Version: 9.1.0)
Left 4 Dead 2
Lexmark 5600-6600 Series
Lexmark Printable Web (Version: 1.0.0.0)
LIMBO
Little Inferno
Lone Survivor
Lumines
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mark of the Ninja
Marvel Heroes
McPixel
Media Go (Version: 1.2.307)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Common Files (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Native Client (Version: 10.2.4000.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.2.4000.0)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.2.4000.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40302)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40307)
Microsoft Works (Version: 08.05.0818)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Microsoft XNA Game Studio 4.0 (ARP entry) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Redists) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Shared Components) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Visual Studio) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Documentation (Version: 4.0.20823.0)
Microsoft XNA Game Studio Express 1.0 Refresh (Version: 1.1.10405.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.3.0.0)
MobileMe Control Panel (Version: 3.1.8.0)
Monaco
Move Media Player
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MPlayer for Windows (Full Package)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Netflix Movie Viewer (Version: 1.2.211)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
Organ Trail: Director's Cut
Origin (Version: 9.3.1.4482)
PDFill FREE PDF Tools (Version: 10.0)
Peggle Extreme
PixelJunk Eden
Plants Vs Zombies
PlayStation®Network Downloader (Version: 1.04.00003)
PlayStation®Store (Version: 2.5.19.05977)
Poker Night at the Inventory
Portal
Proteus
PS3Muxer 1.30
PunkBuster Services (Version: 0.986)
Puzzle Quest
PVSonyDll (Version: 1.00.0001)
Quake
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.71.80.42)
Raptr
Retro City Rampage™
Rovi Player (Version: 2.7.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Service Pack 2 for SQL Server 2008 (KB2285068) (Version: 10.2.4000.0)
Shadowrun (Version: 1.00.0000)
SigmaTel Audio (Version: 5.10.5102.0)
Sonic Activation Module (Version: 1.0)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Sql Server Customer Experience Improvement Program (Version: 10.2.4000.0)
Stealth Bastard Deluxe
Steam
SUPER © Version 2009.bld.35 (Jan 5, 2009) (Version: Version 2009.bld.35 (Jan 5, 2009))
Super Meat Boy
Superbrothers: Sword & Sworcery EP
System Requirements Lab
System Requirements Lab (Version: 4.1.14.0)
Team Fortress 2
Terraria
The Binding Of Isaac
The Swapper
The Ultimate Doom
They Bleed Pixels
Thirty Flights of Loving
Thomas Was Alone
Ticket to Ride
Tinker (Version: 1.0.0000.131)
Tinker (Version: 1.0.0001.131)
Torchlight - Demo
Torchlight II
TRAUMA
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
Virtools 3D Life Player (Version: 4.0.0.x)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.1.6 (Version: 1.1.6)
VVVVVV
Windows 7 Upgrade Advisor Beta (Version: 2.0.1125.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.07.1407.00)
WinRAR archiver
World of Goo

==================== Restore Points  =========================

29-08-2013 11:12:00 Installed DirectX

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {12D9DA28-4DFA-482F-9416-91260599D4B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {158D9C35-DC04-47C1-96EE-6B8918E02583} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {17431162-C3D1-432E-8A86-5C8A48D9A002} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09] (Google Inc.)
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {1AA44587-F140-4434-852C-59856F88ADAC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-07-25] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {2CC6E3E3-0299-485E-B7D7-10B1FD163965} - System32\Tasks\Halo 2 for Vista restart => C:\Program Files\Microsoft Games\Halo 2\startup.exe [2007-06-06] (Microsoft Corporation)
Task: {2EBBEB47-4CEC-493F-9CA8-18FDAE0EBDDA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-25] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3A8D51D5-1415-4585-9137-CAC53CF09380} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E9A038C-3780-4385-BF5F-10D2DDE772E0} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2012-07-25] (Microsoft Corp.)
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4106E891-361A-4F51-BDDE-E4FCB7F8D086} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1080360754-1148944602-3489722730-1000
Task: {41B003B6-226C-4487-8A4E-94D13D55DF42} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4DCE2AA0-480B-417C-B881-2F2E57BD6100} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-25] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs No File
Task: {56A006F7-658F-42AF-AEE4-5556B9A25E1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {56F55135-BB67-46A5-93E6-593603193E41} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe No File
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-25] (Microsoft Corporation)
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {69E9B6C1-2DF4-4B0C-B8ED-E65645464F45} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe No File
Task: {6A07A296-88FB-414D-8F8A-954234163008} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {6D49D4F4-209A-4BF5-A5EB-02C6725FA937} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe No File
Task: {73610200-8AC7-4CAF-92CE-2F1C6BBD5FFC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => start wuauserv
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7816C1A8-2A90-4409-A8EA-6EDD5942A27E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {7DAB9818-0BAC-474F-8C0B-E7C984498CD0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe No File
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {866A078B-2BA5-4C94-9AE0-2106ED250289} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe No File
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-07-25] (Microsoft Corporation)
Task: {998CDD11-C98E-4CE4-9823-9C1E3A026A74} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx2-*my name*-PC => C:\Windows\ehome\McxTask.exe No File
Task: {99D343F2-6E23-488C-BDB4-0F30CB5D24C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {9A4A57FB-5303-49B0-A321-B57DC87948D3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-07-25] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9E687CBE-E049-48EC-90D3-29120F571EEA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe No File
Task: {A36A74BA-9A51-4A4B-8FCA-B686756AF348} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe No File
Task: {AD011E53-3689-4844-BF94-F23A003B3913} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {B5637CDB-86D5-4B1C-ACA6-3B7F81217459} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe No File
Task: {B9ADA005-AEF4-4108-9ACA-64287AE0ED57} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BB917A8A-B746-463A-A713-357079B32DEC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe No File
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {BEB190C4-60EF-45EA-8626-D61D2FFF8CA8} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe No File
Task: {BFA502AC-ADF2-458D-9BC1-54BB3DD1D350} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {C07F66DA-2593-423A-87D0-C789DA04D66F} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe [2008-05-29] (Lexmark International Inc.)
Task: {C3EBBD7F-F100-47B4-8A89-34F01E44D67A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C4DC1659-973D-4181-97D7-B6B40AF1F9BD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe No File
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {CFD47FA0-FD93-4F54-BB33-B907F5652092} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe No File
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {D36CD54D-35E0-4323-990C-AF719E1A3522} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {D5FA8E52-4145-4B01-8792-47E865144FDF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe No File
Task: {DC9F7781-5596-4A94-ABA6-44B52266D795} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {DE82B587-D817-4EA1-AC31-6BA5AE8265A6} - System32\Tasks\User_Feed_Synchronization-{64B61D2E-FA7D-450D-9449-2743FD7C9061} => C:\Windows\system32\msfeedssync.exe [2012-07-25] (Microsoft Corporation)
Task: {DEACF9EA-C251-41EC-B35B-7B50EBB8D445} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E46AF8EE-51DE-418C-8144-FE5454027149} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe No File
Task: {E4EFCB83-B249-4AD0-AD4B-B6566C8EE53A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs No File
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2012-07-25] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-07-25] (Microsoft Corporation)
Task: {F5D4AE0E-F686-465E-810B-132CB7DA2ED1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe No File
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FC7DDEAC-4407-4283-8C50-54170C8D5D15} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe No File
Task: {FFADD808-84C8-4F88-A63E-BEA0929A2151} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe No File
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-25 19:59 - 2012-07-25 23:18 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\combase.dll
2012-07-25 19:55 - 2012-07-25 23:20 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WINMMBASE.dll
2012-07-25 19:46 - 2012-07-25 23:19 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCORE.dll
2010-09-30 23:26 - 2010-09-30 23:26 - 00208896 _____ (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDMH.dll
2012-07-25 19:31 - 2012-07-25 23:19 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\profext.dll
2012-07-25 19:46 - 2012-07-25 23:19 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCORE.DLL
2012-12-27 00:56 - 2012-12-27 00:56 - 00117128 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\RNowUtils.dll
2012-12-27 00:56 - 2012-12-27 00:56 - 00273800 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\DownloadMgr.DLL
2012-12-27 00:56 - 2012-12-27 00:56 - 00318344 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\Download.DLL
2012-12-27 00:47 - 2012-12-27 00:47 - 00181008 _____ (Intel® Corporation) C:\Program Files\Rovi\Rovi Player\IntelWiDiExtensions.dll
2012-07-25 22:42 - 2012-07-25 22:42 - 09374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.dll
2012-07-25 22:26 - 2012-07-25 23:19 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\pcacli.dll
2012-12-27 00:56 - 2012-12-27 00:56 - 00204168 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\CNDevSynch.dll
2012-07-25 20:51 - 2012-07-25 23:20 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\wpdsp.dll
2012-12-19 19:08 - 2012-11-08 00:24 - 02881536 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-25 19:54 - 2012-07-25 23:20 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\UIAutomationCore.DLL
2012-07-25 19:55 - 2012-07-25 23:20 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\WINMMBASE.dll
2012-07-25 20:00 - 2012-07-25 23:18 - 02034176 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\d3d10warp.dll
2012-12-27 00:47 - 2012-12-27 00:47 - 00612232 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\SonicIMVPlayer.dll
2012-07-25 22:56 - 2012-07-25 23:18 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\MFCORE.dll
2012-07-25 19:17 - 2012-07-25 23:18 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mfnetcore.dll
2012-07-25 20:10 - 2012-07-25 23:19 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\NTASN1.dll
2012-12-27 00:56 - 2012-12-27 00:56 - 00367496 _____ (Rovi Corporation) C:\Program Files\Rovi\Rovi Player\RNowControl.dll
2012-07-25 20:12 - 2012-07-25 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2012-07-25 19:39 - 2012-07-25 23:20 - 00509952 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.dll
2012-07-25 20:06 - 2012-07-25 23:18 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\Bcp47Langs.dll
2012-12-19 19:08 - 2012-09-07 01:44 - 08854016 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2012-07-25 19:11 - 2012-07-25 23:20 - 01184256 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2012-07-25 19:33 - 2012-07-25 23:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
2012-07-25 19:40 - 2012-07-25 23:20 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpncore.dll
2012-07-25 22:12 - 2012-07-25 23:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\sppc.dll
2012-07-25 20:06 - 2012-07-25 23:18 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\dcomp.dll
2012-07-25 19:54 - 2012-07-25 23:18 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\System32\IDStore.dll
2012-07-25 19:31 - 2012-07-25 23:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\System32\wlidprov.dll
2012-07-25 21:57 - 2012-07-25 23:18 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\elscore.dll
2012-07-25 19:22 - 2012-07-25 23:18 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\InputSwitch.dll
2012-07-25 22:28 - 2012-07-25 23:18 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ElsLad.dll
2012-07-25 19:54 - 2012-07-25 23:20 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\UIAutomationCore.dll
2012-07-25 19:22 - 2012-07-25 23:19 - 00413184 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2012-07-25 20:06 - 2012-07-25 23:20 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\windows.globalization.fontgroups.dll
2012-07-25 19:18 - 2012-07-25 23:19 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2012-07-25 19:38 - 2012-07-25 23:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2012-07-25 19:21 - 2012-07-25 23:20 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpnprv.dll
2012-07-25 20:12 - 2012-07-25 23:18 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\DPAPI.dll
2012-07-25 19:56 - 2012-07-25 23:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\System32\DeviceSetupManagerAPI.dll
2012-07-25 19:59 - 2012-07-25 23:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll
2012-07-25 20:28 - 2012-07-25 23:19 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2012-07-25 21:43 - 2012-07-25 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\System32\NcaApi.dll
2012-07-25 19:34 - 2012-07-25 23:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2012-07-25 21:28 - 2012-07-25 23:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
2012-07-25 19:53 - 2012-07-25 23:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2012-07-25 19:33 - 2012-07-25 23:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2012-07-25 20:55 - 2012-07-25 23:17 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\apprepapi.dll
2012-07-25 19:59 - 2012-07-25 23:18 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2012-07-25 22:15 - 2012-07-25 23:18 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\CHARTV.dll
2012-07-25 22:42 - 2012-07-25 22:42 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\UIRibbonRes.dll
2012-07-25 21:03 - 2012-07-25 23:18 - 00401408 _____ (Microsoft Corporation) C:\Windows\System32\dlnashext.dll
2012-07-25 21:57 - 2012-07-25 23:18 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2012-07-25 19:57 - 2012-07-25 23:19 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mtxoci.dll
2012-07-25 19:58 - 2012-07-25 23:20 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2012-07-25 20:07 - 2012-07-25 23:20 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\VirtDisk.dll
2012-07-25 22:56 - 2012-07-25 23:18 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\mfcore.dll
2012-07-25 16:14 - 2012-07-11 22:02 - 00864208 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\MSVCR110_CLR0400.dll
2012-07-25 20:14 - 2012-07-25 23:30 - 00946128 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\webservices.dll
2012-07-25 19:21 - 2012-07-25 23:20 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlroamextension.dll
2012-07-25 19:41 - 2012-07-25 23:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2012-07-25 20:11 - 2012-07-25 23:20 - 00995328 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2010-01-11 23:18 - 2010-01-11 23:18 - 00066664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2007-05-12 01:41 - 2006-12-03 14:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2012-07-25 20:37 - 2012-07-25 23:20 - 03325952 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2012-07-25 20:55 - 2012-07-25 23:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkItemFactory.dll
2012-07-25 21:51 - 2012-07-25 23:18 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dtsh.dll
2012-07-25 21:52 - 2012-07-25 23:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\System32\fdwcn.dll
2012-07-25 19:49 - 2012-07-25 23:20 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\System32\wcnapi.dll
2012-07-25 21:25 - 2012-07-25 23:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\fdWNet.dll
2012-07-25 20:08 - 2012-07-25 23:18 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\dfscli.dll
2012-07-25 19:46 - 2012-07-25 23:19 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\shcore.dll
2012-07-25 19:34 - 2012-07-25 23:20 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2012-07-25 19:39 - 2012-07-25 23:20 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\twinapi.dll
2012-07-25 20:00 - 2012-07-25 23:20 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\threadpoolwinrt.dll
2012-07-25 19:58 - 2012-07-25 23:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2012-07-25 22:07 - 2012-07-25 23:20 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.dll
2012-07-25 19:19 - 2012-07-25 23:20 - 00267776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2012-07-25 20:07 - 2012-07-25 23:20 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll
2012-07-25 19:56 - 2012-07-25 23:20 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\System32\wpnapps.dll
2012-07-25 19:35 - 2012-07-25 23:20 - 00410112 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2012-07-25 20:07 - 2012-07-25 23:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\CryptoWinRT.dll
2012-07-25 19:20 - 2012-07-25 23:20 - 00502784 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2012-07-25 19:45 - 2012-07-25 23:20 - 00222208 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.dll
2012-07-25 19:45 - 2012-07-25 23:19 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\NInput.dll
2012-07-25 20:09 - 2012-07-25 23:19 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mskeyprotect.dll
2012-07-25 19:58 - 2012-07-25 23:20 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\VAULTCLI.dll
2013-05-31 21:51 - 2013-05-31 21:51 - 00140208 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2007-05-04 10:44 - 2007-02-08 01:16 - 01458176 _____ (SigmaTel, Inc.) C:\WINDOWS\SYSTEM32\STLang.dll
2007-05-04 10:43 - 2007-02-08 01:16 - 00238592 _____ (SigmaTel, Inc.) C:\WINDOWS\system32\stapi32.dll
2013-04-03 20:57 - 2008-05-29 20:23 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2013-04-03 20:56 - 2008-02-21 14:12 - 00077906 _____ (Lexmark International) C:\Program Files\Lexmark 5600-6600 Series\lxducfg.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00188416 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdudatr.dll
2013-04-03 20:57 - 2008-05-29 20:23 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2013-04-03 20:57 - 2008-05-29 20:23 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2013-04-03 20:57 - 2008-05-29 20:23 - 00954368 _____ (Lexmark R&D Corp.) C:\Program Files\Lexmark 5600-6600 Series\lxdumonr.dll
2013-04-03 20:57 - 2008-05-29 20:24 - 00765952 _____ ( ) C:\Program Files\Lexmark 5600-6600 Series\lxducomc.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00675840 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\Epwizard.DLL
2013-04-03 20:57 - 2008-05-29 20:11 - 00147456 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\customui.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00118784 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\Eputil.DLL
2013-04-03 20:57 - 2008-05-29 20:11 - 00061440 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\Epfunct.DLL
2013-04-03 20:57 - 2008-05-29 20:11 - 00135168 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\Imagutil.DLL
2013-04-03 20:57 - 2008-05-29 20:22 - 02239632 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltwvc215u.dll
2013-04-03 20:57 - 2008-05-29 20:21 - 00261264 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltdis15u.dll
2013-04-03 20:57 - 2008-05-29 20:21 - 00482448 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltkrn15u.dll
2013-04-03 20:57 - 2008-05-29 20:21 - 00183440 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltfil15u.dll
2013-04-03 20:57 - 2008-05-29 20:21 - 00212112 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltimgclr15u.dll
2013-04-03 20:57 - 2008-05-29 20:21 - 00117904 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\Ltimgutl15u.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 02334720 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\EPWizRes.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00045056 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\epstring.dll
2013-04-03 20:57 - 2008-05-29 20:11 - 00036864 _____ (Lexmark International Inc.) C:\Program Files\Lexmark 5600-6600 Series\EPOEMDll.dll
2013-04-03 20:57 - 2008-05-29 20:22 - 00355472 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\LTIMGCOR15U.DLL
2013-04-03 20:57 - 2008-05-29 20:22 - 00445584 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\LTIMGSFX15U.DLL
2013-04-03 20:57 - 2008-05-29 20:21 - 00216208 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\LTIMGEFX15U.DLL
2013-04-03 20:57 - 2008-05-29 20:22 - 00257168 _____ (LEAD Technologies, Inc.) C:\Program Files\Lexmark 5600-6600 Series\LTEFX15U.DLL
2013-04-03 20:57 - 2008-05-29 20:21 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\iptk.dll
2013-04-03 20:57 - 2008-05-29 20:23 - 00548864 _____ (PDFlib GmbH) C:\Program Files\Lexmark 5600-6600 Series\PdfLib.dll
2013-04-03 20:57 - 2007-09-06 14:11 - 00151552 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduptp.dll
2010-09-30 23:26 - 2010-09-30 23:26 - 00086016 _____ (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraEnu.dll
2012-07-25 20:12 - 2012-07-25 23:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\DPAPI.dll
2012-07-25 20:06 - 2012-07-25 23:18 - 00308224 _____ (Microsoft Corporation) C:\Windows\System32\Bcp47Langs.dll
2012-07-25 19:56 - 2012-07-25 23:20 - 00179200 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2012-07-25 20:30 - 2012-07-25 23:17 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll
2012-07-25 21:43 - 2012-07-25 23:18 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\IEUI.dll
2012-07-25 19:27 - 2012-07-25 23:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-07-25 22:16 - 2012-07-25 23:20 - 00094720 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.ps.dll
2012-09-25 00:02 - 2012-09-25 00:02 - 00449512 _____ (Oracle Corporation) C:\Program Files\Java\jre7\bin\ssv.dll
2012-07-25 19:45 - 2012-07-25 23:19 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\ninput.dll
2012-07-25 20:00 - 2012-07-25 23:18 - 02034176 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\D3D10Warp.dll
2012-07-25 20:21 - 2012-07-25 23:19 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\MSRATING.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\*my name*\Desktop\Malware bytes Forum.url:favicon
AlternateDataStreams: C:\Users\*my name*\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\*my name*\AppData\Roaming\Thumbs.db:encryptable

==================== Faulty Device Manager Devices =============

Name: J:\
Description: USB   HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC   
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: H:\
Description: USB   HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC   
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: K:\
Description: USB   HS-SD Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC   
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: I:\
Description: USB   HS-xD/SM 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC   
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2013 07:58:45 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.17929 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4548.  Message ID: [0x2509].

Error: (09/04/2013 07:39:01 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.17929 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2748.  Message ID: [0x2509].

Error: (09/04/2013 05:38:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2013 06:55:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (09/02/2013 06:55:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (09/02/2013 06:55:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/02/2013 08:35:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.2.9200.16384, time stamp: 0x501085fa
Faulting module name: ctapo32.dll, version: 1.0.0.71, time stamp: 0x455bcd49
Exception code: 0xc0000005
Fault offset: 0x00019355
Faulting process id: 0x2500
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5

Error: (09/02/2013 06:47:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2013 06:44:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/02/2013 06:38:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (09/04/2013 05:02:38 AM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/04/2013 05:02:38 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

Error: (09/04/2013 04:30:39 AM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/04/2013 04:30:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

Error: (09/04/2013 04:25:41 AM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/04/2013 04:25:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

Error: (09/04/2013 03:54:11 AM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (09/04/2013 03:54:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.

Error: (09/04/2013 03:53:52 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:49:49 AM on 9/4/2013 was unexpected.

Error: (09/04/2013 03:52:06 AM) (Source: DCOM) (User: *my name*-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Microsoft Office Sessions:
=========================
Error: (11/16/2011 06:31:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/03/2011 04:37:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/08/2011 07:07:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2012-12-30 13:30:42.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-30 13:30:41.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-28 14:57:27.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-28 14:57:19.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-24 11:07:10.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-24 11:07:08.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-23 15:10:37.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-23 15:10:35.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-20 10:29:57.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2012-12-20 10:29:56.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 2045.92 MB
Available physical RAM: 1173.63 MB
Total Pagefile: 4093.92 MB
Available Pagefile: 2879.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1852.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:51.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.33 GB) NTFS
Drive g: (Elements) (Fixed) (Total:1863.01 GB) (Free:845.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000B4704)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================


And yes, I'm pretty sure that is a proxy that was set up back in July when I wanted to watch a YouTube stream that was only available in Japan.



#7 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 September 2013 - 11:56 AM

Did you edit your name out in the logs:
 

Ran by *my name* (administrator) on *my name*-PC on 04-09-2013 10:45:26
Running from C:\Users\*my name*\Desktop\FRST


If so this won't work.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Somehow, can you clean out your temp files.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page. (screenshot: reply1.jpg)

New window that comes up. (screenshot: replyer1.jpg)

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#8 trent82

trent82

    New Member

  • Members
  • 13 posts

Posted 04 September 2013 - 02:30 PM

Sorry for the delay.  I was trying to address my temp files and ended up doing disk cleanup and choosing to delete the temp files along with a previous Windows install, and ended up clearing out about 30 GB.  It took quite a while.

 

Yes, I have been changing my actual name to *my name* for when I post here, but I just changed it back to run the fixlist.txt that you provided.

 

Here is the fixlog.txt that you requested.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2013 03
Ran by *my name* at 2013-09-04 13:17:18 Run:1
Running from C:\Users\*my name*\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] cmd.exe [349696 2012-07-25] (Microsoft Corporation)
HKCU\...\Command Processor: 
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\1et5kFzy
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\Users\*my name*\AppData\Local\1NcMWaK8Rd
2013-09-03 09:57 - 2013-09-03 09:57 - 00182272 _____ C:\ProgramData\tc2WEAm0Xq
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\XHAcHbKgq
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\Users\*my name*\AppData\Local\d90x1z4dXDS
2013-09-03 09:51 - 2013-09-03 09:50 - 00182272 _____ C:\ProgramData\2m30GOli3BB
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\3t6Ny17mVcP
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\Users\*my name*\AppData\Local\MCJYXEyz0H
2013-09-03 09:46 - 2013-09-03 09:46 - 00182272 _____ C:\ProgramData\UJgTUQTWLJh
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\rCxS2ITVez
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\Users\*my name*\AppData\Local\EcKA8WhQ6vg
2013-09-03 09:44 - 2013-09-03 09:44 - 00182272 _____ C:\ProgramData\gzwkCaw0YQ
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\mKIMiEO9e4
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\Users\*my name*\AppData\Local\9vI67T8jKw
2013-09-03 05:27 - 2013-09-03 05:27 - 00182272 _____ C:\ProgramData\N7Q0RKAcWJU
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\VjjSDRTljC
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\Users\*my name*\AppData\Local\mgFbZl7Itq
2013-09-03 05:13 - 2013-09-03 05:13 - 00182272 _____ C:\ProgramData\hkZspQyP
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\Users\*my name*\AppData\Roaming\j9vpKLFd
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\Users\*my name*\AppData\Local\JzXDli55dm
2013-09-03 05:08 - 2013-09-03 05:07 - 00182272 _____ C:\ProgramData\zoEnZWhWjb
2013-09-03 05:07 - 2013-09-04 03:48 - 00000000 ____D C:\Users\*my name*\AppData\Local\Ug3Q9mG3o
2013-09-03 05:07 - 2013-09-03 06:44 - 00000000 ____D C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad
2013-09-03 05:07 - 2013-09-03 05:07 - 00000000 _____ C:\Users\*my name*\googleupdate.exe
C:\ProgramData\hash.dat
C:\Users\*my name*\googleupdate.exe

*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\*my name*\AppData\Roaming\1et5kFzy => Moved successfully.
C:\Users\*my name*\AppData\Local\1NcMWaK8Rd => Moved successfully.
C:\ProgramData\tc2WEAm0Xq => Moved successfully.
C:\Users\*my name*\AppData\Roaming\XHAcHbKgq => Moved successfully.
C:\Users\*my name*\AppData\Local\d90x1z4dXDS => Moved successfully.
C:\ProgramData\2m30GOli3BB => Moved successfully.
C:\Users\*my name*\AppData\Roaming\3t6Ny17mVcP => Moved successfully.
C:\Users\*my name*\AppData\Local\MCJYXEyz0H => Moved successfully.
C:\ProgramData\UJgTUQTWLJh => Moved successfully.
C:\Users\*my name*\AppData\Roaming\rCxS2ITVez => Moved successfully.
C:\Users\*my name*\AppData\Local\EcKA8WhQ6vg => Moved successfully.
C:\ProgramData\gzwkCaw0YQ => Moved successfully.
C:\Users\*my name*\AppData\Roaming\mKIMiEO9e4 => Moved successfully.
C:\Users\*my name*\AppData\Local\9vI67T8jKw => Moved successfully.
C:\ProgramData\N7Q0RKAcWJU => Moved successfully.
C:\Users\*my name*\AppData\Roaming\VjjSDRTljC => Moved successfully.
C:\Users\*my name*\AppData\Local\mgFbZl7Itq => Moved successfully.
C:\ProgramData\hkZspQyP => Moved successfully.
C:\Users\*my name*\AppData\Roaming\j9vpKLFd => Moved successfully.
C:\Users\*my name*\AppData\Local\JzXDli55dm => Moved successfully.
C:\ProgramData\zoEnZWhWjb => Moved successfully.
C:\Users\*my name*\AppData\Local\Ug3Q9mG3o => Moved successfully.
C:\Users\*my name*\AppData\Local\2097ecaa-4e88-4938-a16f-9a1b713d2d3fad => Moved successfully.
C:\Users\*my name*\googleupdate.exe => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
"C:\Users\*my name*\googleupdate.exe" => File/Directory not found.

==== End of Fixlog ====


I am now moving on to the next steps that you listed.



#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 September 2013 - 02:54 PM

OK...MrC


#10 trent82

trent82

    New Member

  • Members
  • 13 posts

Posted 05 September 2013 - 03:36 AM

I was at the step where I let the Malwarebytes Anti-Rootkit perform a scan and it seemed like it was going to be a while, so I decided to let it run overnight.  I just got back to my computer and the monitor wouldn't come back on.  The light just stayed orange as if the computer wasn't powered on, but it definitely was.  I wiggled the mouse, hit the space bar, then tried CTRL+ALT+DEL, but nothing would happen.  So I just did a hard restart and everything seems fine.  My computer loads up properly.  The unwanted command prompt is gone and the metro interface loads as normal.  However, I was never able to view the scan results or perform the cleanup.



#11 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 September 2013 - 07:40 AM

There's nothing in the MBAR folder?

 

If not, reboot into safe mode and try it again; it shouldn't take that long to run.

 

MrC


#12 trent82

trent82

    New Member

  • Members
  • 13 posts

Posted 05 September 2013 - 03:13 PM

There was this system-log text file:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145304576, free: 1252954112

Downloaded database version: v2013.09.04.07
Downloaded database version: v2013.08.06.01
Initializing...
======================
------------ Kernel report ------------
     09/04/2013 15:33:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\sfhlp02.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6232.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HidBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\dump_iaStorV.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mslldp.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{642AB80E-62CD-489D-82B7-1668E477E653}\MpKsle9abe226.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff871e9030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003e\
Lower Device Object: 0xffffffff871c1660
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff871e39f8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003d\
Lower Device Object: 0xffffffff871c1c40
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff871d4030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003c\
Lower Device Object: 0xffffffff871a1c70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff871dea58
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xffffffff871a2030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86661668
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000033\
Lower Device Object: 0xffffffff86b30c08
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85737030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff8534f028
Lower Device Driver Name: \Driver\iaStorV\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85737030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85737cb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85737030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8534f028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 20000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 98304  Numsec = 20971520

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21069824  Numsec = 604069888
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86661668, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff866628a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86661668, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86b30c08, DeviceName: \Device\00000033\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4704

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907022848

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000396746752 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff871dea58, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871e04b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff871dea58, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff871a2030, DeviceName: \Device\0000003b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff871d4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871dd288, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff871d4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff871a1c70, DeviceName: \Device\0000003c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff871e39f8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871e35d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff871e39f8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff871c1c40, DeviceName: \Device\0000003d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff871e9030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871e99e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff871e9030, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff871c1660, DeviceName: \Device\0000003e\, DriverName: \Driver\USBSTOR\
------------ End ----------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145304576, free: 1231106048

=======================================
------------ Kernel report ------------
     09/04/2013 17:40:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\sfhlp02.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{642AB80E-62CD-489D-82B7-1668E477E653}\MpKsle9abe226.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6232.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HidBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\dump_iaStorV.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mslldp.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff865cd4f8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003e\
Lower Device Object: 0xffffffff865b9c70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff865ce918
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003d\
Lower Device Object: 0xffffffff865b9030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff865b4030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003c\
Lower Device Object: 0xffffffff865a5030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff865b6918
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xffffffff865a44e0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8620f708
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000033\
Lower Device Object: 0xffffffff86210c70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8513a030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff8504f028
Lower Device Driver Name: \Driver\iaStorV\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8513a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8513acb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8513a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8504f028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 20000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 98304  Numsec = 20971520

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21069824  Numsec = 604069888
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8620f708, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff862108f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8620f708, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86210c70, DeviceName: \Device\00000033\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4704

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907022848

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000396746752 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff865b6918, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84288790, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865b6918, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff865a44e0, DeviceName: \Device\0000003b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff865b4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865b6280, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865b4030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff865a5030, DeviceName: \Device\0000003c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff865ce918, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865ce4b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865ce918, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff865b9030, DeviceName: \Device\0000003d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff865cd4f8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff865cc020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff865cd4f8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff865b9c70, DeviceName: \Device\0000003e\, DriverName: \Driver\USBSTOR\
------------ End ----------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 2145304576, free: 1533304832

Could not load protection driver
Downloaded database version: v2013.09.04.08
Downloaded database version: v2013.09.05.01
Downloaded database version: v2013.09.05.02
Downloaded database version: v2013.09.05.03
Downloaded database version: v2013.09.05.04
Downloaded database version: v2013.09.05.05
Downloaded database version: v2013.09.05.06
Downloaded database version: v2013.09.05.07
=======================================
DDA Driver installation error.
=======================================

The included image shows my attempt to run the Anti-Rootkit application in safe mode.

Attached Files

#13 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 September 2013 - 03:38 PM

Run this one instead:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:
How To Run TDSSKiller

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#14 trent82

    New Member

  • Members
  • 13 posts

Posted 06 September 2013 - 12:27 AM

Ok.  No malicious objects were found.  I have attached the 2 logs that I found in my C directory.

Attached Files



#15 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 September 2013 - 07:15 AM

OK, run another scan with RogueKiller and post the new log......MrC


#16 trent82

    New Member

  • Members
  • 13 posts

Posted 06 September 2013 - 07:25 AM

RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 32 bits version
Started in : Normal mode
User : Zack [Admin rights]
Mode : Scan -- Date : 09/06/2013 08:23:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (133.242.144.168:3128) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75SBA0 +++++
--- User ---
[MBR] 52e0d3ceb41369d34eece95023a7795c
[BSP] 33e870195992370a52af789e14cb7fe0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-75SBA0 +++++
--- User ---
[MBR] d21a4ecfd1aa5ae3c531e602189cd539
[BSP] 98505dec7c335decb522b9006cb78a7c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09062013_082344.txt >>

#17 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 September 2013 - 07:27 AM

Looks Good......

Let's clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#18 trent82

    New Member

  • Members
  • 13 posts

Posted 06 September 2013 - 07:49 AM

Here is the log.  I don't recognize any of these entries.  I didn't want to delete anything without being sure.

# AdwCleaner v3.002 - Report created 06/09/2013 at 08:44:14
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : Zack - ZACK-PC
# Running from : C:\Users\Zack\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\user.js
Folder Found C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\jetpack

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Product Found : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16453

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\prefs.js ]

[ File : C:\Users\temp account\AppData\Roaming\Mozilla\Firefox\Profiles\yvrk6kg2.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1150 octets] - [06/09/2013 08:44:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1210 octets] ##########



#19 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 September 2013 - 08:08 AM

Go ahead and clean it up...MrC


#20 trent82

    New Member

  • Members
  • 13 posts

Posted 06 September 2013 - 08:16 AM

Ok, here is the AdwCleaner[S0] logfile.

# AdwCleaner v3.002 - Report created 06/09/2013 at 09:10:49
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : Zack - ZACK-PC
# Running from : C:\Users\Zack\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\jetpack
File Deleted : C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Product Deleted : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16453

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\ju8iq5on.default\prefs.js ]

[ File : C:\Users\temp account\AppData\Roaming\Mozilla\Firefox\Profiles\yvrk6kg2.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1290 octets] - [06/09/2013 08:44:14]
AdwCleaner[S0].txt - [1225 octets] - [06/09/2013 09:10:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1285 octets] ##########