
nick22

Members
  • Posts: 16
Reputation: 0 Neutral
  1. Please help, every time I click on a link my browser randomly opens a totally different web page.
  2. Hello, I have a user on Windows 7 whose PC began running extremely slowly and showing popups. Please advise, thanks.
  3. I have a user getting "Cannot connect to the real www.google.com" site. They get this in IE and Chrome. Please help.
  4. Hello, when I try to install the Malwarebytes free version I get "the free version expired". Is there a workaround to use the free version? Thanks for your help
  5. I have a user getting "Cannot connect to the real www.google.com" when they try to access Google. I have run Malwarebytes once; it found some malware, but the same issue continues. I would appreciate your suggestions. Thanks
  6. The AdwCleaner looks much better. Following are the two results:

     # AdwCleaner v2.300 - Logfile created 05/05/2013 at 13:21:40
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
     # User : Administrator - GEORGE
     # Boot Mode : Normal
     # Running from : C:\Users\administrator.lacasa\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     ***** [internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [OK] Registry is clean.

     -\\ Mozilla Firefox v20.0.1 (en-US)

     -\\ Google Chrome v [unable to get version]

     *************************

     AdwCleaner[R1].txt - [7490 octets] - [05/05/2013 12:57:32]
     AdwCleaner[R2].txt - [7550 octets] - [05/05/2013 13:11:24]
     AdwCleaner[R3].txt - [739 octets] - [05/05/2013 13:21:40]
     AdwCleaner[s1].txt - [7695 octets] - [05/05/2013 13:11:43]

     ########## EOF - C:\AdwCleaner[R3].txt - [858 octets] ##########

     Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     AVS Registry Cleaner version 2.2
     Adobe Flash Player 11.7.700.169
     Adobe Reader XI
     Mozilla Firefox (20.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     Spybot Teatimer.exe is disabled!
     IObit IObit Malware Fighter IMFsrv.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  7. Here you go. I looked through the log; there is nothing I need to keep. Thanks

     # AdwCleaner v2.300 - Logfile created 05/05/2013 at 12:57:32
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
     # User : Administrator - GEORGE
     # Boot Mode : Normal
     # Running from : C:\Users\administrator.lacasa\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Found : C:\END
     File Found : C:\Windows\SysWOW64\conduitEngine.tmp
     Folder Found : C:\Program Files (x86)\Conduit
     Folder Found : C:\Program Files (x86)\Red Sky
     Folder Found : C:\ProgramData\Tarma Installer

     ***** [Registry] *****

     Key Found : HKCU\Software\1ClickDownload
     Key Found : HKCU\Software\APN PIP
     Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
     Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
     Key Found : HKCU\Software\AppDataLow\Software\PriceGong
     Key Found : HKCU\Software\Ask.com
     Key Found : HKCU\Software\InstallCore
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
     Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
     Key Found : HKLM\SOFTWARE\Classes\FCSBLGeneralPV.BreakageFees
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTradeBuy
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTradeBuys
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTradeSell
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTradeSells
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTranBuy
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTranBuys
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTranSell
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.BLTranSells
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.ClearParInfo
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeData.ClearParTradeInfo
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.BuySettleRV
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.BuySettleTL
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.EconomicBenefit
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.RevolverIncrease
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.SellSettleRV
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.SellSettleTL
     Key Found : HKLM\SOFTWARE\Classes\FCSBLTradeWiz.TermLoanIncrease
     Key Found : HKLM\SOFTWARE\Classes\FCSBondTradesPV.TradeTicket
     Key Found : HKLM\SOFTWARE\Classes\FCSBondUtilities.BondCouponDataSet
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.ABSClaimback
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.ABSPaymentWizard
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.CDSPayment
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.CDSSettlement
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.ReceiveCoupon
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.ReceiveCouponAll
     Key Found : HKLM\SOFTWARE\Classes\FCSBondWiz.RedeemBond
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.ContractChecker
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.ContractLinker
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.ObjectMerge
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.ObjectMove
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.PortfolioChanger
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.PositionRollback
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.PrimeRateChange
     Key Found : HKLM\SOFTWARE\Classes\FCSBOUtilities.SequenceUpdate
     Key Found : HKLM\SOFTWARE\Classes\oneclick
     Key Found : HKLM\SOFTWARE\Classes\oneclickmg
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKLM\Software\PIP
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
     Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

     ***** [internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16537

     [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

     -\\ Mozilla Firefox v20.0.1 (en-US)

     -\\ Google Chrome v [unable to get version]

     *************************

     AdwCleaner[R1].txt - [7397 octets] - [05/05/2013 12:57:32]

     ########## EOF - C:\AdwCleaner[R1].txt - [7457 octets] ##########
  8. Attached is the ComboFix.txt file. Let me know if there is anything else to do. Thanks
     ComboFix.txt
  9. Hi MrC, I tested the PC and have had no problems. I won't be able to format and re-install for about a week or so; is there anything I should do in the meantime? Thanks
  10. Attached are the results. I am rebooting and testing the PC. Thanks
      mbar-log-2013-05-01 (16-10-06).txt
      mbar-log-2013-05-01 (16-22-58).txt
      system-log.txt
  11. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Administrator [Admin rights]
      Mode : Scan -- Date : 05/01/2013 14:15:31
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 9 ¤¤¤
      [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{8C970729-AB4C-44E3-9543-6F3D0BE8ADD3} : NameServer (192.168.1.2,12.127.16.67,12.127.17.71) -> FOUND
      [DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{8C970729-AB4C-44E3-9543-6F3D0BE8ADD3} : NameServer (192.168.1.2,12.127.16.67,12.127.17.71) -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\Command Processor : AutoRun (regsvr32 /n /i /s "C:\Users\administrator.LACASA\AppData\Local\wfcsfrqf.noi") -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: +++++
      --- User ---
      [MBR] 5b5a75bef52e825b2d8d5f9a85ee0ff6
      [bSP] 6cd63e6c4c60b0cb9de50f6f251f3914 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953753 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1]_S_05012013_02d1415.txt >>
      RKreport[1]_S_05012013_02d1415.txt
  12. Thanks for this fix. I was able to log in successfully. Is there anything else that I should do? I am planning on running a full virus and malware scan, and re-installing in the next week. In the meantime I can save the information I need.

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-04-2013 01
      Ran by SYSTEM at 2013-05-01 13:15:18 Run:1
      Running from F:\
      Boot Mode: Recovery
      ==============================================

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
      C:\Users\administrator.LACASA\AppData\Local\wfcsfrqf.noi => File not found.
      C:\Users\administrator\AppData\Roaming\skype.ini => Moved successfully.
      C:\Users\administrator.lacasa\Application Data\skype.ini => File not found.
      C:\Users\administrator.lacasa\notepad.exe => Moved successfully.
      C:\Users\administrator.lacasa\teamviewer.exe => Moved successfully.
      C:\Users\administrator.lacasa\flashplayer.exe => Moved successfully.
      C:\Users\administrator.lacasa\acrobatreader.exe => Moved successfully.
      C:\Windows\Installer\{130d9a8c-7e38-3c96-77d0-543647b9b223} => Moved successfully.
      C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223} => Moved successfully.

      ==== End of Fixlog ====
  13. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2013 01
      Ran by SYSTEM on 01-05-2013 12:28:11
      Running from F:\
      Windows 7 Ultimate (X64) OS Language: English(US)
      Internet Explorer Version 9
      Boot Mode: Recovery
      The current controlset is ControlSet003

      ==================== Registry (Whitelisted) ==================

      HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
      HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
      HKLM\...\Winlogon: [shell] regsvr32 /n /i /s "C:\Users\administrator.LACASA\AppData\Local\wfcsfrqf.noi" [x ] ()
      HKU\Administrator.george\...\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [x]
      HKU\Administrator.george\...\Run: [ROC_PAID_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_PAID_JAN2013_TB.exe" /PROMPT /CMPID=PAID_JAN2013_TB [x]
      HKU\administrator.lacasa\...\Run: [AdobeBridge] [x]
      HKU\gloyola\...\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [x]
      HKU\gloyola\...\Run: [ROC_PAID_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_PAID_JAN2013_TB.exe" /PROMPT /CMPID=PAID_JAN2013_TB [x]
      HKU\LogMeInRemoteUser\...\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [x]
      HKU\LogMeInRemoteUser\...\Run: [ROC_PAID_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_PAID_JAN2013_TB.exe" /PROMPT /CMPID=PAID_JAN2013_TB [x]

      ==================== Services (Whitelisted) =================

      S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
      S4 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)
      S4 FreeSSHDService; C:\Program Files (x86)\freeSSHd\FreeSSHDService.exe [1360072 2009-09-09] ()
      S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
      S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-06] (LogMeIn, Inc.)
      S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-06] (LogMeIn, Inc.)
      S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
      S4 Markit WSO Batch Service; C:\Program Files (x86)\Markit\WSO Batch\WSO.Batch.Services.Windows.exe [8704 2011-04-12] (Markit WSO Corporation)
      S4 Markit WSO Core Service; C:\Program Files (x86)\Markit\WSO Tools\WSO.Core.Services.Windows.exe [9728 2011-04-18] (Markit WSO Corporation)
      S4 Markit WSO Notification Service; C:\Program Files (x86)\Markit\WSO Notification Services\WSO.NotificationService.Host.exe [9216 2011-03-10] (Markit WSO Corporation)
      S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
      S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
      S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
      S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61916000 2011-04-23] (Microsoft Corporation)
      S4 MSSQL$UKSQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.UKSQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
      S4 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-29] (BUFFALO INC.)
      S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
      S4 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-05] (Nitro PDF Software)
      S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
      S4 ReportServer$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2011-04-23] (Microsoft Corporation)
      S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
      S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
      S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2011-04-23] (Microsoft Corporation)
      S4 SQLAgent$UKSQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.UKSQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
      S4 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
      S4 MSSQLFDLauncher$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.SQLEXPRESS [x]

      ==================== Drivers (Whitelisted) ====================

      S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
      S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
      S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
      S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2012-12-21] (ESET)
      S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-12-21] (ESET)
      S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-12-21] (ESET)
      S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
      S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222904 2011-12-14] (QFX Software Corporation)
      S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-09-17] (LogMeIn, Inc.)
      S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
      S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
      S3 MSI_MSIBIOS_010507; C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
      S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
      S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
      S3 NTIOLib_1_0_8; C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [11888 2011-01-27] (MSI)
      S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
      S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-05] (IObit.com)
      S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-05] (IObit.com)
      S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2012-11-20] (Wondershare)
      S3 cpudrv64; No ImagePath
      S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
      S4 LMIRfsClientNP; No ImagePath
      S3 MsibiosDevice; No ImagePath
      S2 npf; system32\drivers\npf.sys [x]
      S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
      S3 VGPU; System32\drivers\rdvgkmd.sys [x]

      ==================== NetSvcs (Whitelisted) ===================

      ==================== One Month Created Files and Folders ========

      2013-05-01 12:27 - 2013-05-01 12:27 - 00000000 ____D C:\FRST
      2013-04-30 16:11 - 2013-04-30 16:11 - 00000020 __ASH C:\Users\dog\ntuser.ini
      2013-04-30 16:11 - 2013-04-30 16:11 - 00000000 ____D C:\users\dog
      2013-04-30 16:11 - 2013-01-14 19:06 - 00000000 ____D C:\Users\dog\AppData\Roaming\IObit
      2013-04-30 16:11 - 2012-10-13 13:59 - 00000000 ____D C:\Users\dog\AppData\Roaming\TuneUp Software
      2013-04-30 16:11 - 2011-06-14 18:45 - 00000000 ____D C:\Users\dog\Documents\Visual Studio 2005
      2013-04-30 16:11 - 2011-03-16 19:28 - 00086480 ____A C:\Users\dog\AppData\Local\GDIPFONTCACHEV1.DAT
      2013-04-30 16:11 - 2011-03-16 19:27 - 00000000 ____D C:\Users\dog\Documents\Visual Studio 2008
      2013-04-30 16:11 - 2011-03-16 19:27 - 00000000 ____D C:\Users\dog\AppData\Local\Microsoft Help
      2013-04-30 16:11 - 2011-03-13 06:43 - 00000000 ____D C:\Users\dog\AppData\Roaming\Macromedia
      2013-04-30 16:08 - 2013-04-30 18:29 - 00003258 ____A C:\Windows\PFRO.log
      2013-04-30 16:03 - 2013-04-30 16:03 - 00000000 ____D C:\New folder
      2013-04-30 07:02 - 2013-04-30 07:03 - 00000004 ____A C:\Users\administrator\AppData\Roaming\skype.ini
      2013-04-30 07:02 - 2013-04-30 07:03 - 00000004 ____A C:\Users\administrator.lacasa\Application Data\skype.ini
      2013-04-30 06:52 - 2013-04-30 06:52 - 00124928 ____A (Lotum GmbH) C:\Users\administrator.lacasa\notepad.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\teamviewer.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\flashplayer.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\acrobatreader.exe
      2013-04-29 10:02 - 2013-04-29 10:03 - 227836060 ____A C:\Users\administrator.lacasa\Documents\Image.nrg
      2013-04-27 20:57 - 2013-04-27 20:57 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\rockin body
      2013-04-27 20:43 - 2013-04-27 20:43 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Shaun T's Rockin' Body
      2013-04-27 20:36 - 2013-04-27 21:42 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Beachbody - Rockin' Body
      2013-04-27 16:18 - 2013-04-30 16:26 - 00000784 ____A C:\Windows\setupact.log
      2013-04-27 16:18 - 2013-04-27 16:18 - 00000000 ____A C:\Windows\setuperr.log
      2013-04-27 08:28 - 2013-04-27 08:28 - 00004540 ____A C:\Users\administrator.lacasa\Desktop\cc_20130427_112815.reg
      2013-04-27 08:28 - 2013-04-27 08:28 - 00000434 ____A C:\Users\administrator.lacasa\Desktop\cc_20130427_112845.reg
      2013-04-23 19:12 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
      2013-04-18 18:02 - 2013-04-18 18:02 - 00000000 ____D C:\Users\administrator.lacasa\Desktop\nircmd-x64
      2013-04-18 13:52 - 2013-04-18 13:52 - 00001147 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2013-04-18 13:44 - 2013-04-18 13:44 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Security Task Manager 1.8d+Serial
      2013-04-16 06:53 - 2013-04-22 19:30 - 00000116 ____A C:\Users\administrator.lacasa\Desktop\SPF record.txt
      2013-04-10 08:26 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
      2013-04-10 08:26 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
      2013-04-10 08:26 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
      2013-04-10 08:26 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
      2013-04-10 08:26 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
      2013-04-10 08:26 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
      2013-04-10 08:26 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
      2013-04-10 08:26 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
      2013-04-10 08:26 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
      2013-04-10 08:26 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
      2013-04-10 08:26 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
      2013-04-10 08:26 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
      2013-04-10 08:26 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
      2013-04-10 08:26 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
      2013-04-10 08:26 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
      2013-04-10 08:26 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
      2013-04-10 08:26 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2013-04-10 08:26 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2013-04-10 08:26 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2013-04-10 08:26 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2013-04-10 08:26 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2013-04-10 08:26 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2013-04-10 08:26 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
      2013-04-10 08:26 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2013-04-10 08:26 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2013-04-10 08:26 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2013-04-10 08:26 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2013-04-10 08:26 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2013-04-10 08:26 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2013-04-10 08:26 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2013-04-10 08:26 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2013-04-10 08:26 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2013-04-10 05:13 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
      2013-04-10 05:13 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
      2013-04-10 05:13 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
      2013-04-10 05:13 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
      2013-04-10 05:13 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
      2013-04-10 05:13 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
      2013-04-10 05:13 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
      2013-04-10 05:13 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
      2013-04-07 12:59 - 2013-04-07 12:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf
      2013-04-07 12:58 - 2013-04-07 12:58 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
      2013-04-04 05:09 - 2010-07-27 21:15 - 03144336 ____A C:\Users\administrator.lacasa\Desktop\PFConfig 1.0.295 Setup.exe
      2013-04-03 08:21 - 2013-04-07 12:58 - 00000000 ____D C:\Program Files (x86)\SpeedFan
      2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\LogMeInRemoteUser\Desktop\SpeedFan.lnk
      2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\gloyola\Desktop\SpeedFan.lnk
      2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\administrator.lacasa\Desktop\SpeedFan.lnk
      2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\Administrator.george\Desktop\SpeedFan.lnk
      2013-04-03 08:21 - 2013-04-03 08:21 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo

      ==================== One Month Modified Files and Folders =======

      2013-05-01 12:27 - 2013-05-01 12:27 - 00000000 ____D C:\FRST
      2013-05-01 08:26 - 2011-03-12 06:17 - 01625272 ____A C:\Windows\WindowsUpdate.log
      2013-04-30 19:01 - 2009-07-13 20:45 - 00021680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2013-04-30 19:01 - 2009-07-13 20:45 - 00021680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2013-04-30 18:39 - 2013-02-22 07:53 - 00000000 ____D C:\Windows\pss
      2013-04-30 18:29 - 2013-04-30 16:08 - 00003258 ____A C:\Windows\PFRO.log
      2013-04-30 16:27 - 2013-01-30 19:16 - 00000354 ____A C:\Windows\Tasks\ROC_PAID_JAN2013_TB_rmv.job
      2013-04-30 16:27 - 2013-01-24 14:55 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
      2013-04-30 16:26 - 2013-04-27 16:18 - 00000784 ____A C:\Windows\setupact.log
      2013-04-30 16:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
      2013-04-30 16:11 - 2013-04-30 16:11 - 00000020 __ASH C:\Users\dog\ntuser.ini
      2013-04-30 16:11 - 2013-04-30 16:11 - 00000000 ____D C:\users\dog
      2013-04-30 16:03 - 2013-04-30 16:03 - 00000000 ____D C:\New folder
      2013-04-30 15:56 - 2013-01-16 13:32 - 00000000 ___AD C:ProgramData\TEMP
      2013-04-30 11:45 - 2012-03-30 03:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
      2013-04-30 07:03 - 2013-04-30 07:02 - 00000004 ____A C:\Users\administrator\AppData\Roaming\skype.ini
      2013-04-30 07:03 - 2013-04-30 07:02 - 00000004 ____A C:\Users\administrator.lacasa\Application Data\skype.ini
      2013-04-30 07:03 - 2013-02-22 08:23 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\DMCache
      2013-04-30 06:52 - 2013-04-30 06:52 - 00124928 ____A (Lotum GmbH) C:\Users\administrator.lacasa\notepad.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\teamviewer.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\flashplayer.exe
      2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\acrobatreader.exe
      2013-04-30 06:52 - 2011-03-12 17:26 - 00000000 ____D C:\users\administrator.lacasa
      2013-04-29 19:35 - 2012-07-11 17:34 - 00012297 ____A C:\Users\administrator.lacasa\Desktop\RDC Manager.rdg
      2013-04-29 10:03 - 2013-04-29 10:02 - 227836060 ____A C:\Users\administrator.lacasa\Documents\Image.nrg
      2013-04-29 09:48 - 2012-07-13 10:25 - 00000000 ____D C:\Program Files (x86)\TorrentSearch
      2013-04-29 09:48 - 2012-07-13 10:24 - 00000000 ____D C:\Program Files (x86)\intellidownload
      2013-04-28 21:59 - 2013-02-22 08:23 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Compressed
      2013-04-28 14:29 - 2011-04-30 19:02 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\vlc
      2013-04-28 14:25 - 2013-02-26 09:01 - 00000000 ____D C:ProgramData\xml_param
      2013-04-28 14:03 - 2013-02-26 08:42 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Video
      2013-04-28 13:13 - 2013-01-27 13:58 - 00000000 ____D C:ProgramData\Wondershare Video Converter Ultimate
      2013-04-28 13:05 - 2011-03-14 16:45 - 00000069 ____A C:\Windows\NeroDigital.ini
      2013-04-28 11:21 - 2013-02-22 08:17 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\vso
      2013-04-28 08:19 - 2013-02-22 08:23 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\IDM
      2013-04-27 21:46 - 2011-04-01 19:50 - 00000000 ___HD C:\Users\administrator.lacasa\AppData\Roaming\BitTorrent
      2013-04-27 21:42 - 2013-04-27 20:36 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Beachbody - Rockin' Body
      2013-04-27 20:57 - 2013-04-27 20:57 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\rockin body
      2013-04-27 20:43 - 2013-04-27 20:43 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Shaun T's Rockin' Body
      2013-04-27 16:18 - 2013-04-27 16:18 - 00000000 ____A C:\Windows\setuperr.log
      2013-04-27 08:31 - 2013-03-01 09:17 - 00000000 ____D C:\Users\administrator.lacasa\Desktop\UndeleteFiles
      2013-04-27 08:28 - 2013-04-27 08:28 - 00004540 ____A C:\Users\administrator.lacasa\Desktop\cc_20130427_112815.reg
      2013-04-27 08:28 - 2013-04-27 08:28 - 00000434 ____A C:\Users\administrator.lacasa\Desktop\cc_20130427_112845.reg
      2013-04-27 08:26 - 2013-02-10 08:34 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Local\CrashDumps
      2013-04-25 08:50 - 2012-11-20 22:30 - 00000000 ____D C:\Program Files (x86)\Simple Port Forwarding
      2013-04-24 17:55 - 2012-09-09 08:31 - 00000000 ____D C:\Users\administrator.lacasa\Desktop\RESUMES 2012
      2013-04-24 12:26 - 2011-03-12 20:31 - 00000000 ____D C:ProgramData\Adobe
      2013-04-24 12:25 - 2011-03-12 20:06 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\Adobe
      2013-04-23 18:55 - 2011-04-02 07:29 - 00000000 ___HD C:\Users\administrator.lacasa\Desktop\TRAINING
      2013-04-23 18:32 - 2011-03-13 13:46 - 00000071 ____A C:\Users\administrator.lacasa\AppData\Roaming\default.pls
      2013-04-23 17:53 - 2013-01-27 14:12 - 00000000 ____D C:\Users\administrator.lacasa\AppData\Roaming\AVS4YOU
      2013-04-23 08:48 - 2012-12-23 21:01 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\TEST
      2013-04-23 08:48 - 2012-12-21 08:03 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\TO DELETE
      2013-04-22 19:30 - 2013-04-16 06:53 - 00000116 ____A C:\Users\administrator.lacasa\Desktop\SPF record.txt
      2013-04-18 18:02 - 2013-04-18 18:02 - 00000000 ____D C:\Users\administrator.lacasa\Desktop\nircmd-x64
      2013-04-18 16:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
      2013-04-18 13:52 - 2013-04-18 13:52 - 00001147 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      2013-04-18 13:52 - 2012-05-14 11:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2013-04-18 13:44 - 2013-04-18 13:44 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\Security Task Manager 1.8d+Serial
      2013-04-18 13:27 - 2011-04-01 19:51 - 00000000 ____D C:\Program Files (x86)\BitTorrent
      2013-04-18 11:19 - 2013-03-01 18:03 - 00000000 ____D C:\Users\administrator.lacasa\Desktop\a
      2013-04-12 21:21 - 2011-06-06 17:33 - 00000000 ____D C:\BGINFO
      2013-04-12 06:45 - 2013-04-23 19:12 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
      2013-04-10 21:34 - 2012-03-30 03:32 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2013-04-10 21:34 - 2011-05-17 04:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2013-04-10 10:50 - 2009-07-13 20:45 - 04978608 ____A C:\Windows\System32\FNTCACHE.DAT
      2013-04-10 08:29 - 2011-03-12 17:51 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
      2013-04-10 08:28 - 2011-03-15 16:18 - 00000000 ____D C:ProgramData\Microsoft Help
      2013-04-07 12:59 - 2013-04-07 12:59
- 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf 2013-04-07 12:58 - 2013-04-07 12:58 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2013-04-07 12:58 - 2013-04-03 08:21 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2013-04-07 12:54 - 2011-03-13 10:52 - 00007613 ___AH C:\Users\administrator.lacasa\AppData\Local\Resmon.ResmonCfg 2013-04-06 08:42 - 2012-11-01 11:21 - 00000000 ____D C:\Users\administrator.lacasa\Downloads\TECHNICAL SOFTWARE 2013-04-04 11:50 - 2012-12-15 12:11 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\LogMeInRemoteUser\Desktop\SpeedFan.lnk 2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\gloyola\Desktop\SpeedFan.lnk 2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\administrator.lacasa\Desktop\SpeedFan.lnk 2013-04-03 08:21 - 2013-04-03 08:21 - 00001045 ____A C:\Users\Administrator.george\Desktop\SpeedFan.lnk 2013-04-03 08:21 - 2013-04-03 08:21 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo 2013-04-02 02:34 - 2011-03-12 16:54 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ZeroAccess: C:\Windows\Installer\{130d9a8c-7e38-3c96-77d0-543647b9b223} C:\Windows\Installer\{130d9a8c-7e38-3c96-77d0-543647b9b223}\L ZeroAccess: C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223} C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223}\L C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223}\U Other Malware: =========== C:\Users\administrator\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-18 06:05:33 Restore point made on: 2013-04-21 14:24:58 Restore point made on: 2013-04-22 05:28:04 Restore point made on: 2013-04-23 09:00:21 Restore point made on: 2013-04-24 05:23:04 Restore point made on: 2013-04-27 07:50:57 Restore point made on: 2013-04-27 08:18:32 Restore point made on: 2013-04-28 20:07:19 Restore point made on: 2013-04-29 04:34:03 Restore point made on: 2013-04-30 07:52:25 Restore point made on: 2013-04-30 15:44:03 Restore point made on: 2013-04-30 15:44:05 Restore point made on: 2013-04-30 15:44:05 Restore point made on: 2013-04-30 15:44:06 Restore point made on: 2013-04-30 15:44:09 Restore point made on: 2013-04-30 15:44:10 Restore point made on: 2013-04-30 15:44:11 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8191.18 MB Available physical RAM: 7295.64 MB Total Pagefile: 8189.33 MB Available Pagefile: 7291.13 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.4 GB) (Free:209.8 GB) NTFS (Disk=0 Partition=2) Drive f: () (Removable) (Total:14.98 GB) (Free:14.98 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) 
(Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 13 MB Disk 1 Online 15 GB 0 B Partitions of Disk 0: =============== Disk ID: 4367A08E Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 931 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: D09C564A Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 1144 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 14 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4367A08E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) 
==================================================================== Disk: 1 (Size: 15 GB) (Disk ID: D09C564A) Partition 1: (Not Active) - (Size=15 GB) - (Type=0B) Last Boot: 2013-02-02 22:46 ==================== End Of Log ============================
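A triage pass over a log in the format posted above, added here as an example; it is not part of nick22's post and not FRST's own code. It parses the dated file entries (modified - created - size attrs (company) path) and FRST's ZeroAccess: / Other Malware: sections, and flags the indicators a responder would pull out of this particular log: a GUID-named directory with L and U subfolders under Windows\Installer or AppData\Local (the ZeroAccess layout FRST itself reports), an .exe dropped directly into a user profile root, a zero-byte .exe, and a Windows system binary name (notepad.exe) carrying a non-Microsoft company string. The sample lines are constructed from the entries in the post; the indicator names and the regexes are this script's own assumptions about the layout, not FRST's specification.

```python
import re
from typing import Dict, List, Optional, Tuple

# One FRST "Files and Folders" entry, layout taken from the posted log (assumed, not FRST's spec):
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*?)\s*$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# ZeroAccess layout as FRST reports it: a GUID-named directory with L/U subfolders
# under Windows\Installer or the user's AppData\Local.
ZEROACCESS_DIR_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\" + GUID + r"(?:\\[LU])?$", re.I)
# An .exe dropped directly into a profile root, e.g. C:\Users\<name>\notepad.exe.
PROFILE_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.I)
# Windows binary names that should only ever carry a Microsoft company string.
SYSTEM_NAMES = {"notepad.exe", "explorer.exe", "svchost.exe", "winlogon.exe", "services.exe"}
# FRST's own flagged sections, mapped to the reason tag this script assigns.
FLAGGED_SECTIONS = {"ZeroAccess:": "frst-flagged-zeroaccess", "Other Malware:": "frst-flagged-other-malware"}

def parse_entry(line: str) -> Optional[dict]:
    """Split one dated entry into its fields; None for any other kind of line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"])
    return e

def path_reasons(path: str) -> List[str]:
    """Indicators that can be judged from the path alone."""
    reasons = []
    if ZEROACCESS_DIR_RE.search(path):
        reasons.append("zeroaccess-guid-dir")
    if PROFILE_ROOT_EXE_RE.match(path):
        reasons.append("exe-in-profile-root")
    return reasons

def entry_reasons(e: dict) -> List[str]:
    """Indicators that also need the size, attributes or company string."""
    reasons = path_reasons(e["path"])
    name = e["path"].rsplit("\\", 1)[-1].lower()
    if "D" not in e["attrs"] and name.endswith(".exe") and e["size"] == 0:
        reasons.append("zero-byte-exe")  # placeholder binary, not a real program
    if name in SYSTEM_NAMES and "microsoft" not in (e["company"] or "").lower():
        reasons.append("system-name-non-microsoft")
    return reasons

def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every line that trips at least one indicator."""
    findings = []
    section = None  # reason tag while inside one of FRST's flagged sections
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.startswith("=") and line.strip("=")):
            section = None  # blank line or "==== Section ====" banner ends the section
            continue
        if not line.strip("="):  # bare underline beneath "Other Malware:"
            continue
        if line in FLAGGED_SECTIONS:
            section = FLAGGED_SECTIONS[line]
            continue
        entry = parse_entry(line)
        if entry is not None:
            path, reasons = entry["path"], entry_reasons(entry)
        elif BARE_PATH_RE.match(line):
            path, reasons = line, path_reasons(line)
        else:
            continue
        if section:
            reasons.insert(0, section)
        if reasons:
            findings.append((path, reasons))
    return findings

def reasons_by_path(text: str) -> Dict[str, List[str]]:
    return dict(triage_log(text))

# Constructed sample, modelled on the entries in the posted log.
SAMPLE_LOG = r"""
2013-04-30 06:52 - 2013-04-30 06:52 - 00124928 ____A (Lotum GmbH) C:\Users\administrator.lacasa\notepad.exe
2013-04-30 06:52 - 2013-04-30 06:52 - 00000000 ____A C:\Users\administrator.lacasa\teamviewer.exe
2013-04-10 08:29 - 2011-03-12 17:51 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\Windows\Installer\{130d9a8c-7e38-3c96-77d0-543647b9b223}
C:\Windows\Installer\{130d9a8c-7e38-3c96-77d0-543647b9b223}\L

ZeroAccess:
C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223}
C:\Users\administrator.lacasa\AppData\Local\{130d9a8c-7e38-3c96-77d0-543647b9b223}\U

Other Malware:
===========
C:\Users\administrator\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path, "->", ", ".join(reasons))
```

Run against the sample it lists seven findings: the two profile-root executables (notepad.exe additionally tagged for its non-Microsoft company string, teamviewer.exe for its zero size), the four ZeroAccess paths, and the skype.ini file under Other Malware. MRT.exe and the Bamital check line are parsed but produce no reasons, which is the point: the script reports only what a responder would act on, not every path in the log.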