Copperbird

Honorary Members
  • Posts

    47
Reputation

0 Neutral
  1. Also, I already ran the Combofix uninstaller, and it said that it finished, but in my C: drive, it's still there.
  2. Also, I don't know why it says my license is invalid. I have been trying to validate it online with my product key (I don't have the CD because Vista was preinstalled in my computer) and had received "Unexpected Error" in the past, so I thought it was also because of malware --- Microsoft said it was a possible "registry error."
  3. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.07.06.05
     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     MM :: PC [limited]
     7/6/2013 3:30:34 PM
     mbam-log-2013-07-06 (15-30-34).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 312389
     Time elapsed: 11 minute(s), 49 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 2
     HKCR\.exe| (Hijacked.exeFile) -> Bad: (ilh) Good: (exefile) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
     Ran by MM at 2013-07-06 15:27:43 Run:1
     Running from C:\Users\MM\Downloads
     Boot Mode: Normal
     ==============================================
     HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04 => Value not found.
     HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore] C:\Windows\System32\rstrui.exe /runonce [318464 2008-01-19 => Value not found.
     HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value deleted successfully.
     HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531} => Key deleted successfully.
     HKCR\CLSID\{037039D8-8C53-43CC-95BE-198556E66531} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD} => Key deleted successfully.
     HKCR\CLSID\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} => Key deleted successfully.
     HKCR\CLSID\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D} => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
     HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
     C:\ProgramData\nvModes.dat => Moved successfully.
     C:\ProgramData\sysqcl1129139270.dat => Moved successfully.
     ==== End of Fixlog ====
  5. Here's the FRST.txt, and addition.txt is attached:
00000000 ____D C:\Users\David\Local Settings\Application Data\Adobe2013-07-01 02:02 - 2009-10-02 11:23 - 00000000 ____D C:\Users\David\Local Settings\Adobe2013-07-01 02:02 - 2009-10-02 11:23 - 00000000 ____D C:\Users\David\AppData\Local\Adobe2013-07-01 01:59 - 2009-12-19 16:08 - 00000000 ____D C:\Users\David\Application Data\Adobe2013-07-01 01:59 - 2009-12-19 16:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe2013-06-30 22:35 - 2009-12-19 16:16 - 00000118 ____A C:\Users\David\Application Data\wklnhst.dat2013-06-30 22:35 - 2009-12-19 16:16 - 00000118 ____A C:\Users\David\AppData\Roaming\wklnhst.dat2013-06-30 22:17 - 2013-06-30 22:17 - 00000000 ____A C:\Windows\setuperr.log2013-06-30 22:17 - 2013-06-30 22:17 - 00000000 ____A C:\Windows\setupact.log2013-06-30 22:14 - 2009-06-30 22:53 - 00000632 _RASH C:\Users\David\ntuser.pol2013-06-30 21:49 - 2013-06-30 20:31 - 00000000 ____D C:\Users\David\Application Data\Skype2013-06-30 21:49 - 2013-06-30 20:31 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype2013-06-30 21:04 - 2011-04-03 06:04 - 00000000 ____D C:\Windows\Minidump2013-06-30 20:56 - 2007-08-04 04:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2013-06-30 20:45 - 2006-11-02 07:47 - 00448848 ____A C:\Windows\System32\FNTCACHE.DAT2013-06-30 20:42 - 2013-06-30 20:42 - 00000078 ____A C:\lxdd.log2013-06-30 20:42 - 2008-01-13 13:34 - 00000000 ____D C:\Program Files\Lexmark Toolbar2013-06-30 20:42 - 2008-01-13 13:34 - 00000000 ____D C:\Program Files\Lexmark Fax Solutions2013-06-30 20:40 - 2009-06-30 22:26 - 00115944 ____A C:\Users\David\Local Settings\GDIPFONTCACHEV1.DAT2013-06-30 20:40 - 2009-06-30 22:26 - 00115944 ____A C:\Users\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2013-06-30 20:40 - 2009-06-30 22:26 - 00115944 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT2013-06-30 20:39 - 2008-06-12 11:24 - 00000162 ____A C:\YServer.txt2013-06-30 20:39 - 2007-08-04 05:58 - 00000000 ____D C:\Program 
Files\Yahoo!2013-06-30 19:26 - 2013-06-30 19:26 - 00347424 ____A (Microsoft Corporation) C:\Users\MM\Downloads\MicrosoftFixit.wu.FISC.133296068933299641.4.1.Run.exe2013-06-30 18:38 - 2011-08-25 22:08 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952376234-241356355-3558303045-1000Core.job2013-06-30 14:50 - 2013-06-30 14:49 - 00000000 ____D C:\8053e7b0b634183b532013-06-30 07:25 - 2013-06-30 07:25 - 00473096 ____A (Hewlett-Packard Company ) C:\Users\MM\Downloads\sp38202.exe2013-06-29 16:09 - 2013-06-29 16:07 - 00000000 ____D C:\Users\MM\NHS Website Backgrounds2013-06-29 16:06 - 2013-06-29 15:39 - 00000000 ____D C:\Users\MM\MM Graduation Photos2013-06-29 15:59 - 2013-06-29 15:58 - 00000000 ____D C:\Users\MM\A2013-06-29 15:55 - 2013-06-29 15:55 - 00000000 ____D C:\Users\MM\Dover Free Clip Art2013-06-28 19:47 - 2013-06-28 19:47 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage2013-06-28 19:47 - 2013-06-28 19:47 - 00000000 ____D C:\ProgramData\Application Data\Windows Genuine Advantage2013-06-28 19:46 - 2013-06-28 19:46 - 00002626 ____A C:\Users\MM\Downloads\legitcheck.hta2013-06-28 19:17 - 2009-07-04 14:46 - 00027656 ____A C:\Users\MM\Application Data\wklnhst.dat2013-06-28 19:17 - 2009-07-04 14:46 - 00027656 ____A C:\Users\MM\AppData\Roaming\wklnhst.dat2013-06-28 07:09 - 2013-06-28 07:09 - 00000000 ____D C:\Users\MM\My Documents\New Folder2013-06-28 07:09 - 2013-06-28 07:09 - 00000000 ____D C:\Users\MM\Documents\New Folder2013-06-27 20:32 - 2013-06-27 20:32 - 03191888 ____A (McAfee, Inc.) 
C:\Users\MM\Downloads\MCPR.exe2013-06-27 18:36 - 2013-06-27 18:28 - 00000000 ____D C:\Users\MM\Desktop\ReportMaker2013-06-27 18:28 - 2013-06-27 18:27 - 05071019 ____A C:\Users\MM\Downloads\ReportMaker.exe2013-06-26 18:19 - 2013-06-26 18:18 - 84531984 ____A (Microsoft Corporation) C:\Users\MM\Downloads\msert.exe2013-06-24 12:28 - 2013-06-24 12:28 - 00000000 ____D C:\4c7a2a57247ff3414ec69abb202013-06-24 07:10 - 2009-06-30 23:48 - 00000000 ____D C:\Users\Boogie\Local Settings\Google2013-06-24 07:10 - 2009-06-30 23:48 - 00000000 ____D C:\Users\Boogie\Local Settings\Application Data\Google2013-06-24 07:10 - 2009-06-30 23:48 - 00000000 ____D C:\Users\Boogie\AppData\Local\Google2013-06-23 13:28 - 2013-06-23 13:28 - 00266635 ____A C:\Users\MM\Downloads\coupon.htm2013-06-23 13:28 - 2013-06-23 13:28 - 00000000 ____D C:\Users\MM\Downloads\coupon_files2013-06-21 07:53 - 2012-02-19 18:57 - 00002047 ____A C:\Users\Boogie\Desktop\Google Chrome.lnk2013-06-20 17:38 - 2011-11-11 04:40 - 00002027 ____A C:\Users\MM\Desktop\Google Chrome.lnk2013-06-13 13:10 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache2013-06-13 12:26 - 2006-11-02 05:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-06-13 05:20 - 2010-10-24 05:18 - 00000000 ____D C:\Users\MM\Application Data\gtk-2.02013-06-13 05:20 - 2010-10-24 05:18 - 00000000 ____D C:\Users\MM\AppData\Roaming\gtk-2.02013-06-13 05:20 - 2010-10-24 04:44 - 00000000 ____D C:\Users\MM\.gimp-2.62013-06-07 13:58 - 2013-06-07 13:57 - 00000000 ____D C:\d21bc27f234745fff305b12013-06-06 15:18 - 2013-06-06 15:18 - 00000000 ____D C:\de97f0fff34a6460a575edf027f207 Files to move or delete:====================C:\ProgramData\nvModes.datC:\ProgramData\sysqcl1129139270.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is 
legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-05 14:16 ==================== End Of Log ============================Addition.txt
  6. Strangely, when I clicked the option not to continue, the scan started working.
  7. I clicked continue, and got the same error message. Farbar can't work on my computer after all. Also, I have never used W8; it was just suggested on the Microsoft Help and Support website.
  8. I have the option to continue with the next file, but I am unsure if I should. Also, as a last resort, I'm thinking of upgrading to Windows 8 instead.
  9. There was an error with Farbar: Error saving file C:\FRST\HIVES\security ! Continue with the next file? [ RegCreateKeyEx: 5 - Access is denied ]
  10. Sorry for the delay. After I ran the Fixit, Google Chrome cannot be opened.
  11. RogueKiller V8.6.2 [Jul 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : David [Admin rights] Mode : Scan -- Date : 07/05/2013 13:53:08 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (xxx.xxx.xxx.xxx:xxxx) -> FOUND [DNS] HKLM\[...]\CCSet\[...]\{3C4C231C-BD71-4AC7-A165-5023550969D3} : NameServer (68.94.156.1,68.94.157.1) -> FOUND [DNS] HKLM\[...]\CS001\[...]\{3C4C231C-BD71-4AC7-A165-5023550969D3} : NameServer (68.94.156.1,68.94.157.1) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKUS\S-1-5-21-1952376234-241356355-3558303045-1002\[...]\.exe : (ilh) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1637GSX ATA Device +++++ --- User --- [MBR] 488e820905beddbe25daed0d917206f3 [bSP] d359f184b4f987f009da31b68d9a3d90 : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143996 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294905205 | Size: 8628 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[0]_S_07052013_135308.txt >> RKreport[0]_H_07042013_150030.txt;RKreport[0]_S_07042013_143214.txt;RKreport[0]_S_07042013_144302.txt RKreport[0]_S_07042013_150002.txt