Jump to content

scgirl30

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

Reputation

0 Neutral
  1. scgirl30
    Results of screen317's Security Check version 0.99.87 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2014 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp CCleaner Adobe Reader 10.1.12 Adobe Reader out of Date! Google Chrome 37.0.2062.120 Google Chrome 37.0.2062.124 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  2. scgirl30
    Sorry, I believe my computer locked up at the end of ComboFix last time. I reran ComboFix, I hope this is correct. Thanks ComboFix 14-09-29.02 - user 10/01/2014 5:47.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1168 [GMT -4:00] Running from: c:\users\user\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . . ((((((((((((((((((((((((( Files Created from 2014-09-01 to 2014-10-01 ))))))))))))))))))))))))))))))) . . 2014-10-01 10:21 . 2014-10-01 10:22 -------- d-----w- c:\users\user\AppData\Local\temp 2014-10-01 10:21 . 2014-10-01 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-29 02:01 . 2014-09-29 02:10 -------- d-----w- C:\FRST 2014-09-28 16:07 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll 2014-09-28 16:04 . 2014-09-28 16:08 -------- d-----w- C:\AdwCleaner 2014-09-28 12:37 . 2014-09-30 09:48 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-09-28 12:37 . 2014-09-28 12:37 -------- d-----w- c:\programdata\RogueKiller 2014-09-23 18:43 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-06 01:44 . 2014-09-06 01:44 -------- d-----w- C:\CtJbFW . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-28 22:27 . 2014-05-18 11:41 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-28 13:42 . 2014-02-02 13:20 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-24 10:21 . 2013-08-25 13:37 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-09-24 10:21 . 2013-08-25 13:37 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-08-29 19:15 . 2014-08-29 19:16 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2014-08-23 01:03 . 2014-08-27 21:50 297984 ----a-w- c:\windows\system32\gdi32.dll 2014-08-22 23:26 . 2014-08-27 21:50 2054656 ----a-w- c:\windows\system32\win32k.sys 2014-08-06 14:49 . 2014-08-06 14:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-22 01:03 . 2014-07-22 01:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-11-04 17:30 . 2013-11-04 17:30 1174979 ----a-w- c:\program files\unins000.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-12-08 18:34 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-02-05 01:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 16:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-04-27 20:35 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray] 2008-07-29 20:38 331851 ----a-w- c:\program files\Dell\Dell Mobile Broadband\systray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 00:07 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 10:22] . 2014-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-25 14:17] . 2014-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-25 14:17] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-10-01 06:21 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2014-10-01 06:31:26 ComboFix-quarantined-files.txt 2014-10-01 10:31 . Pre-Run: 107,282,030,592 bytes free Post-Run: 107,261,087,744 bytes free . - - End Of File - - B84D8D9C164606F4CACA32181FE4F6F3 5C616939100B85E558DA92B899A0FC36
  3. scgirl30
    Here is the Combo Fix Log, ComboFix 14-09-29.02 - user 09/30/2014 20:51:26.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1161 [GMT -4:00] Running from: C:\Users\user\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} ((((((((((((((((((((((((( Files Created from 2014-09-01 to 2014-10-01 ))))))))))))))))))))))))))))))) 2014-10-01 01:27:19 . 2014-10-01 01:28:40 -------- d-----w- C:\Users\user\AppData\Local\temp 2014-10-01 01:27:19 . 2014-10-01 01:27:19 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-09-29 02:01:38 . 2014-09-29 02:10:51 -------- d-----w- C:\FRST 2014-09-28 16:07:44 . 2010-08-30 12:34:16 536576 ----a-w- C:\Windows\system32\sqlite3.dll 2014-09-28 16:04:08 . 2014-09-28 16:08:31 -------- d-----w- C:\AdwCleaner 2014-09-28 12:37:53 . 2014-09-30 09:48:43 34808 ----a-w- C:\Windows\system32\drivers\TrueSight.sys 2014-09-28 12:37:42 . 2014-09-28 12:37:51 -------- d-----w- C:\ProgramData\RogueKiller 2014-09-23 18:43:51 . 2014-09-09 06:24:46 2048 ----a-w- C:\Windows\system32\tzres.dll 2014-09-06 01:44:21 . 2014-09-06 01:44:21 -------- d-----w- C:\CtJbFW . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2014-09-28 22:27:54 . 2014-05-18 11:41:40 110296 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys 2014-09-28 13:42:24 . 2014-02-02 13:20:10 75480 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys 2014-09-24 10:21:54 . 2013-08-25 13:37:25 701104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe 2014-09-24 10:21:54 . 2013-08-25 13:37:24 71344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-29 19:15:30 . 2014-08-29 19:16:33 42784 ----a-w- C:\Windows\system32\drivers\avgtpx86.sys 2014-08-23 01:03:46 . 2014-08-27 21:50:48 297984 ----a-w- C:\Windows\system32\gdi32.dll 2014-08-22 23:26:28 . 2014-08-27 21:50:49 2054656 ----a-w- C:\Windows\system32\win32k.sys 2014-08-06 14:49:48 . 2014-08-06 14:49:48 98584 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys 2014-07-25 06:35:46 . 2014-07-25 06:35:46 875688 ----a-w- C:\Windows\system32\msvcr120_clr0400.dll 2014-07-22 01:03:22 . 2014-07-22 01:03:22 200984 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys 2013-11-04 17:30:18 . 2013-11-04 17:30:21 1174979 ----a-w- C:\Program Files\unins000.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33:40 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe" [2014-08-25 15:37:18 5188112] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 16:30:32 959176] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=C:\Windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-12-08 18:34:40 3444736 ----a-w- C:\Windows\System32\WLTRAY.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 22:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 08:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-02-05 01:26:38 128232 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 16:35:24 90112 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-04-27 20:35:28 857648 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray] 2008-07-29 20:38:02 331851 ----a-w- C:\Program Files\Dell\Dell Mobile Broadband\systray.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 00:07:27 1096520 ----a-w- C:\Program Files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2014-10-01 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 13:37:26 . 2014-09-24 10:22:00] 2014-10-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25 14:17:37 . 2013-08-25 14:17:08] 2014-10-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25 14:17:37 . 2013-08-25 14:17:08] ------- Supplementary Scan ------- IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 - - - - ORPHANS REMOVED - - - - SafeBoot-98587701.sys SafeBoot-WudfPf SafeBoot-WudfRd
  4. scgirl30
    I also ran Rkill, Junkware Removal Tool and ADWCleaner. TDSS Killer and MBAR came back clean. Here is the Rougekiller log, I had to rerun it I could not locate the old log. Thanks for your help. RogueKiller V9.2.13.0 [sep 25 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : user [Admin rights]Mode : Scan -- Date : 09/30/2014 06:24:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DRVMCDB @ Unknown (\SystemRoot\System32\Drivers\DLACDBHM.SYS) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: Hitachi HTS545016B9A300 ATA Device +++++--- User ---[MBR] 67030abd65a91200b99ff354cad3b561[bSP] 668b93108f8ac706de5ac2055d6595bc : HP MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MBUser = LL1 ... OKUser = LL2 ... OK ============================================RKreport_DEL_09282014_091019.log - RKreport_DEL_09282014_093911.log - RKreport_DEL_09282014_214536.log - RKreport_SCN_09282014_090704.logRKreport_SCN_09282014_093559.log - RKreport_SCN_09282014_213557.log
  5. scgirl30
    Hello, My computer is running extremely slow. I ran Malwarebytes, it clean. I also ran rouge killer and it appeared to find various things PUM.polices under registry and rootkits, imapi2.dll. Here are the requested logs. Thanks for your help. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02Ran by user (administrator) on USER-PC on 28-09-2014 22:01:53Running from C:\Users\user\DownloadsLoaded Profile: user (Available profiles: user)Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe() C:\Windows\System32\WLTRYSVC.EXE(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKU\S-1-5-21-2228866344-1533320905-1470765764-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA1277D02E2D9CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-23] Chrome: =======CHR CustomProfile: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-28]CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-28] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]S2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-29] (AVG Technologies)R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-09-28] (Malwarebytes Corporation)R3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [166144 2007-11-02] (Novatel Wireless Inc.)R3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [166144 2007-11-02] (Novatel Wireless Inc.)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-28] ()S3 WideUSB; C:\Windows\System32\DRIVERS\WideUSB.sys [36584 2013-11-04] (6Ci)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NvtSp50; System32\Drivers\NvtSp50.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 22:01 - 2014-09-28 22:03 - 00008587 _____ () C:\Users\user\Downloads\FRST.txt2014-09-28 22:01 - 2014-09-28 22:02 - 00000000 ____D () C:\FRST2014-09-28 22:00 - 2014-09-28 22:01 - 01100288 _____ (Farbar) C:\Users\user\Downloads\FRST.exe2014-09-28 17:44 - 2014-09-28 20:21 - 00011220 _____ () C:\Users\user\Documents\Lucy Stuff 09-30-14.xlsx2014-09-28 12:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll2014-09-28 12:04 - 2014-09-28 12:08 - 00000000 ____D () C:\AdwCleaner2014-09-28 12:03 - 2014-09-28 12:03 - 01373475 _____ () C:\Users\user\Downloads\adwcleaner_3.310.exe2014-09-28 11:59 - 2014-09-28 11:59 - 00000639 _____ () C:\Users\user\Desktop\JRT.txt2014-09-28 11:47 - 2014-09-28 11:47 - 01699276 _____ (Thisisu) C:\Users\user\Downloads\JRT (1).exe2014-09-28 11:14 - 2014-09-28 11:14 - 01699276 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe2014-09-28 11:01 - 2014-09-28 11:02 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller (1).exe2014-09-28 10:39 - 2014-09-28 10:40 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe2014-09-28 09:40 - 2014-09-28 09:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012 (1).exe2014-09-28 08:37 - 2014-09-28 21:21 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-09-28 08:37 - 2014-09-28 08:37 - 00000000 ____D () C:\ProgramData\RogueKiller2014-09-28 08:36 - 2014-09-28 08:37 - 04893784 _____ () C:\Users\user\Downloads\RogueKiller (2).exe2014-09-28 08:35 - 2014-09-28 08:36 - 00001892 _____ () C:\Users\user\Desktop\Rkill.txt2014-09-28 08:34 - 2014-09-28 08:35 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe2014-09-28 08:21 - 2014-09-28 08:21 - 00000826 _____ () C:\Users\user\Documents\cc_20140928_082132.reg2014-09-27 20:05 - 2014-09-28 09:42 - 00000000 ____D () C:\Users\user\Desktop\mbar2014-09-27 20:03 - 2014-09-27 20:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe2014-09-27 18:39 - 2014-09-27 18:39 - 04893784 _____ () C:\Users\user\Downloads\RogueKiller (1).exe2014-09-27 07:26 - 2014-09-27 07:26 - 04893784 _____ () C:\Users\user\Downloads\RogueKiller.exe2014-09-25 05:12 - 2014-09-25 05:13 - 00001062 _____ () C:\Users\user\Documents\cc_20140925_051249.reg2014-09-23 14:43 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-18 12:29 - 2014-09-18 12:29 - 04901352 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup417 (1).exe2014-09-13 07:42 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-09-13 07:42 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-09-13 07:42 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-09-13 07:42 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-09-13 07:42 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-09-13 07:42 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-09-13 07:42 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-09-13 07:42 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-09-13 07:42 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-09-13 07:42 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-09-13 07:42 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-09-13 07:42 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-09-13 07:42 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-09-13 07:42 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-09-05 21:44 - 2014-09-05 21:44 - 00000000 ____D () C:\CtJbFW2014-09-05 21:43 - 2014-09-05 21:44 - 02125824 _____ (Creative Technology Ltd) C:\Users\user\Downloads\ZenMicroPDE_PCFW_LB_1_11_01.exe2014-09-05 21:04 - 2014-09-05 21:05 - 00000000 ____D () C:\Users\user\Documents\Registry2014-08-31 13:14 - 2014-09-18 15:00 - 00011540 _____ () C:\Users\user\Documents\Lucy Stuff 08-31-14.xlsx2014-08-29 23:42 - 2014-08-29 23:42 - 04901352 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup417.exe2014-08-29 15:17 - 2014-08-29 23:10 - 00000000 ____D () C:\Users\user\AppData\Local\AVG Web TuneUp2014-08-29 15:16 - 2014-09-04 08:17 - 00000000 ____D () C:\Program Files\AVG Web TuneUp2014-08-29 15:16 - 2014-08-29 15:16 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp2014-08-29 15:16 - 2014-08-29 15:15 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 22:06 - 2013-08-25 10:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-28 21:58 - 2006-11-02 08:49 - 02070412 _____ () C:\Windows\WindowsUpdate.log2014-09-28 21:54 - 2013-08-25 10:17 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-28 21:53 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-09-28 21:53 - 2006-11-02 08:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-09-28 21:53 - 2006-11-02 08:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-09-28 21:53 - 2006-11-02 08:44 - 00374064 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-28 20:29 - 2006-11-02 08:58 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-09-28 20:21 - 2013-08-25 09:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-09-28 18:27 - 2014-05-18 07:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-28 17:37 - 2014-02-05 23:00 - 00002521 _____ () C:\Users\user\Desktop\HiJackThis.lnk2014-09-28 17:35 - 2013-08-22 22:34 - 00000000 ____D () C:\ProgramData\MFAData2014-09-28 12:10 - 2014-02-23 09:06 - 00054376 _____ () C:\Windows\PFRO.log2014-09-28 09:55 - 2014-02-02 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-09-28 09:42 - 2014-02-02 09:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-09-26 20:09 - 2014-05-18 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-26 20:09 - 2014-05-18 07:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-09-26 20:09 - 2014-01-27 22:50 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-24 20:19 - 2013-08-25 10:21 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-24 06:21 - 2013-08-25 09:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-09-24 06:21 - 2013-08-25 09:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-09-23 15:38 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache2014-09-18 12:30 - 2013-09-23 20:53 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-09-18 12:30 - 2013-09-23 20:53 - 00000000 ____D () C:\Program Files\CCleaner2014-09-17 19:29 - 2013-08-25 11:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-09-17 19:29 - 2013-08-25 11:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-09-13 09:41 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET2014-09-13 07:42 - 2011-06-06 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-09-12 13:42 - 2013-08-23 02:44 - 00000000 ____D () C:\Windows\system32\MRT2014-09-12 13:37 - 2006-11-02 06:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2014-09-12 13:29 - 2006-11-02 06:33 - 00752234 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-05 21:45 - 2014-08-15 00:59 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps2014-09-02 20:56 - 2014-03-24 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2014-09-02 20:56 - 2014-02-23 08:55 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk Some content of TEMP:====================C:\Users\user\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-28 22:00 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 02Ran by user at 2014-09-28 22:07:08Running from C:\Users\user\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)ATI Catalyst Install Manager (HKLM\...\{69E7B619-A5B7-6366-ACA3-AE68CD01B69B}) (Version: 3.0.643.0 - ATI Technologies, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)AVG 2014 (Version: 14.0.4025 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4765 - AVG Technologies) HiddenAVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.15 - AVG Technologies)Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)Catalyst Control Center - Branding (HKLM\...\{D93ADCCA-3BFD-4440-836D-4E4841EBD2A8}) (Version: 1.00.0000 - ATI)Catalyst Control Center Core Implementation (Version: 2007.1011.2229.38348 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.1011.2229.38348 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.1011.2229.38348 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.1011.2229.38348 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.1011.2229.38348 - ATI) HiddenCCC Help English (Version: 2007.1011.2228.38348 - ATI) Hiddenccc-core-static (Version: 2007.1011.2229.38348 - ATI) Hiddenccc-utility (Version: 2007.1011.2229.38348 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)Dell Mobile Broadband Card Utility (HKLM\...\{EF775EA3-7AA1-49F5-A900-DCDA50610E03}) (Version: 2.09.01.023 - Novatel Wireless)Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenHiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)OEM Logo and Information (HKLM\...\OEMInformation) (Version: - DELL)PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - CyberLink Corp.)PrintStik printer driver 1.0.0.14 (HKLM\...\{9E46ED7C-1CE9-4F54-B18B-20BE73BFF188}_is1) (Version: - Planon Inc.)QuickSet (HKLM\...\{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}) (Version: 8.2.14 - Dell Inc.)Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)Skins (Version: 2007.1011.2229.38348 - ATI) HiddenSonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-09-2014 14:33:32 Scheduled Checkpoint07-09-2014 20:43:42 Scheduled Checkpoint10-09-2014 11:50:13 Scheduled Checkpoint12-09-2014 17:24:03 Windows Update13-09-2014 11:25:34 Windows Update14-09-2014 21:52:06 Scheduled Checkpoint16-09-2014 10:26:12 Scheduled Checkpoint17-09-2014 00:50:35 Scheduled Checkpoint18-09-2014 21:56:31 Scheduled Checkpoint19-09-2014 10:23:47 Scheduled Checkpoint22-09-2014 22:12:50 Scheduled Checkpoint23-09-2014 18:43:08 Windows Update25-09-2014 11:44:57 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 06:23 - 2014-09-28 17:48 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntriesTask: {53BCDAE9-CB5D-4443-8DFE-F61CE3C232D8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {5644F3ED-9577-4235-96CB-3A9A66E4F9C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25] (Google Inc.)Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2013-08-23] ()Task: {7F5DE390-8CB2-4699-8F9D-1F5C895D4652} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25] (Google Inc.)Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {90D882B7-B2A6-4D18-A3A8-2B9EAEF179D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)Task: {A36BC9A0-5C0B-442F-9F95-2917D1561E31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)Task: {B88F1AFD-6F34-43E7-A809-6B210272A841} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)Task: {BDF8C809-4B5C-411C-A148-F0C370EFDA38} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-07 15:31 - 2007-12-08 14:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE2011-06-07 15:31 - 2007-12-08 14:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll2007-07-23 15:04 - 2007-07-23 15:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL2011-06-07 14:14 - 2007-10-11 23:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll2014-09-24 20:19 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll2014-09-24 20:19 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll2014-09-24 20:19 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98587701.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98587701.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartupMSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exeMSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerMSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exeMSCONFIG\startupreg: systray => C:\Program Files\Dell\Dell Mobile Broadband\systray.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2228866344-1533320905-1470765764-500 - Administrator - Disabled)Guest (S-1-5-21-2228866344-1533320905-1470765764-501 - Limited - Disabled)user (S-1-5-21-2228866344-1533320905-1470765764-1000 - Administrator - Enabled) => C:\Users\user ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (09/28/2014 09:20:53 PM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (09/28/2014 08:28:48 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (09/28/2014 06:26:44 PM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (09/28/2014 05:52:48 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors:=============Error: (09/28/2014 09:55:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: BCM42RLY%%2 Error: (09/28/2014 09:55:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: BCM42RLY%%2 Error: (09/28/2014 09:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: BCM42RLY%%2 Error: (09/28/2014 09:54:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: BCM42RLY%%2 Error: (09/28/2014 09:54:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: vToolbarUpdater3.2.0%%2 Error: (09/28/2014 09:54:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (09/28/2014 09:21:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: AvgdiskxAVGIDSDriverAVGIDSShimAvgldx86spldrWanarpv6 Error: (09/28/2014 09:21:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: AVGIDSAgentAVGIDSDriver%%31 Error: (09/28/2014 09:21:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer BrowserServer%%1068 Error: (09/28/2014 09:20:58 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2014-09-28 22:06:29.033 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:06:27.010 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:06:24.818 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:06:22.627 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:03:01.583 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:02:59.284 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:02:56.541 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:02:52.564 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:02:23.903 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-28 22:02:21.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Turion 64 X2 Mobile Technology TL-56Percentage of memory in use: 56%Total physical RAM: 1917.27 MBAvailable physical RAM: 831.52 MBTotal Pagefile: 4087.07 MBAvailable Pagefile: 2882.32 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1914.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:100.35 GB) NTFSDrive d: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 135C058F)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. scgirl30
    My computer in running fine now. I appreciate all of your help.
  7. scgirl30
    It seems to be fine now. Did you see anything in the logs? Are the two Trojan agents, VistaActivator.txt and VistaActivator.exe that Malwarebytes originally found a virus? I appreciate your help!
  8. scgirl30
    Results of screen317's Security Check version 0.99.79 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG Internet Security 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Adobe Reader 10.1.9 Adobe Reader out of Date! Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````
  9. scgirl30
    Here are all the requested logs, ESET did not find any threats. Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2014.02.06.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 user :: USER-PC [administrator] 2/6/2014 8:03:02 PM mbar-log-2014-02-06 (20-03-02).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 199280 Time elapsed: 13 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 0.798000 GHz Memory total: 2010406912, free: 822415360 Downloaded database version: v2014.02.02.02 Downloaded database version: v2013.12.18.01 Initializing... ======================================= ------------ Kernel report ------------ 02/02/2014 08:21:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\System32\Drivers\DRVMCDB.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\avgrkx86.sys \SystemRoot\system32\DRIVERS\avglogx.sys \SystemRoot\system32\DRIVERS\avgmfx86.sys \SystemRoot\system32\DRIVERS\avgidshx.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\amdk8.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\bcmwl6.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\bcm4sbxp.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\NWADIenum.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\VSTAZL3.SYS \SystemRoot\system32\DRIVERS\VSTDPV3.SYS \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\avgfwd6x.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\DRIVERS\avgtdix.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\avgldx86.sys \SystemRoot\system32\DRIVERS\nwdelmdm.sys \SystemRoot\system32\DRIVERS\nwdelser.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\avgidsshimx.sys \SystemRoot\system32\DRIVERS\avgidsdriverx.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\Drivers\DLADResM.SYS \SystemRoot\System32\Drivers\DLAIFS_M.SYS \SystemRoot\System32\Drivers\DLAOPIOM.SYS \SystemRoot\System32\Drivers\DLAPoolM.SYS \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\Drivers\DLABMFSM.SYS \SystemRoot\System32\Drivers\DLABOIOM.SYS \SystemRoot\System32\Drivers\DLAUDFAM.SYS \SystemRoot\System32\Drivers\DLAUDF_M.SYS \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\TrueSight.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85354ac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\ Lower Device Object: 0xffffffff8492cb98 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff85354ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff853547b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85354ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff84935918, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8492cb98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 135C058F Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 312371200 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Read File: File "c:\programdata\avg2013\chjw\b854cb2854cae868.dat:a10b8e1d-43dd-4448-a57a-852c769e0414" is sparse (flags = 32768) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcfg.log.1" is compressed (flags = 1) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgss.log.1" is compressed (flags = 1) Read File: File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013\log\avgcore.log.1" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 0.798000 GHz Memory total: 2010406912, free: 955523072 Downloaded database version: v2014.02.06.10 Downloaded database version: v2013.12.18.01 ======================================= Initializing... ------------ Kernel report ------------ 02/06/2014 20:02:54 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\System32\Drivers\DRVMCDB.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\avgrkx86.sys \SystemRoot\system32\DRIVERS\avglogx.sys \SystemRoot\system32\DRIVERS\avgmfx86.sys \SystemRoot\system32\DRIVERS\avgidshx.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\amdk8.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\bcmwl6.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\bcm4sbxp.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\sdbus.sys \SystemRoot\system32\DRIVERS\rimmptsk.sys \SystemRoot\system32\DRIVERS\rimsptsk.sys \SystemRoot\system32\DRIVERS\rixdptsk.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\NWADIenum.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\VSTAZL3.SYS \SystemRoot\system32\DRIVERS\VSTDPV3.SYS \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\avgfwd6x.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\DRIVERS\avgtdix.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\avgldx86.sys \SystemRoot\system32\DRIVERS\nwdelmdm.sys \SystemRoot\system32\DRIVERS\nwdelser.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\avgidsshimx.sys \SystemRoot\system32\DRIVERS\avgidsdriverx.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\Drivers\DLADResM.SYS \SystemRoot\System32\Drivers\DLAIFS_M.SYS \SystemRoot\System32\Drivers\DLAOPIOM.SYS \SystemRoot\System32\Drivers\DLAPoolM.SYS \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\Drivers\DLABMFSM.SYS \SystemRoot\System32\Drivers\DLABOIOM.SYS \SystemRoot\System32\Drivers\DLAUDFAM.SYS \SystemRoot\System32\Drivers\DLAUDF_M.SYS \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8527aac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xffffffff84987b98 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8527aac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8527a7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8527aac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff84940918, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff84987b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 135C058F Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 312371200 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Read File: File "c:\programdata\avg2013\chjw\b854cb2854cae868.dat:abdcd574-a8d1-4f51-b524-4c7a9653dd4b" is sparse (flags = 32768) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.1 (02.04.2014:1) OS: Windows Vista Home Basic x86 Ran by user on Thu 02/06/2014 at 20:27:40.24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 02/06/2014 at 20:31:08.33 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.018 - Report created 06/02/2014 at 20:43:12 # Updated 28/01/2014 by Xplode # Operating System : Windows Vista Home Basic Service Pack 2 (32 bits) # Username : user - USER-PC # Running from : C:\Users\user\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16526 -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [858 octets] - [06/02/2014 20:39:50] AdwCleaner[s0].txt - [784 octets] - [06/02/2014 20:43:12] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [843 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.06.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 user :: USER-PC [administrator] 2/6/2014 8:52:08 PM mbam-log-2014-02-06 (20-52-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 197808 Time elapsed: 9 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014 Ran by user (administrator) on USER-PC on 08-02-2014 04:45:00 Running from C:\Users\user\Downloads Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe () C:\Windows\System32\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9AC0B993971ACF01 SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 205.152.144.23 205.152.132.23 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27] CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27] CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27] ========================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio) R2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio) R2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio) R2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio) R2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio) R2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio) R2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio) R2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio) R3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [166144 2007-11-02] (Novatel Wireless Inc.) R3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [166144 2007-11-02] (Novatel Wireless Inc.) S3 WideUSB; C:\Windows\System32\DRIVERS\WideUSB.sys [36584 2013-11-04] (6Ci) S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X] S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NvtSp50; System32\Drivers\NvtSp50.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-08 04:45 - 2014-02-08 04:45 - 00007908 _____ () C:\Users\user\Downloads\FRST.txt 2014-02-08 04:44 - 2014-02-08 04:45 - 00000000 ____D () C:\FRST 2014-02-08 04:44 - 2014-02-08 04:44 - 01136640 _____ (Farbar) C:\Users\user\Downloads\FRST.exe 2014-02-07 06:40 - 2014-02-07 06:40 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu (3).exe 2014-02-06 21:02 - 2014-02-06 21:02 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu (2).exe 2014-02-06 20:46 - 2014-02-06 20:46 - 00000922 _____ () C:\Users\user\Desktop\AdwCleaner[s0].txt 2014-02-06 20:39 - 2014-02-06 20:43 - 00000000 ____D () C:\AdwCleaner 2014-02-06 20:39 - 2014-02-06 20:39 - 01166132 _____ () C:\Users\user\Downloads\AdwCleaner.exe 2014-02-06 20:31 - 2014-02-06 20:31 - 00000764 _____ () C:\Users\user\Desktop\JRT.txt 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Windows\ERUNT 2014-02-06 20:26 - 2014-02-06 20:26 - 01037530 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-02-06 19:56 - 2014-02-06 20:00 - 12589848 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1009 (1).exe 2014-02-06 18:04 - 2014-02-06 18:04 - 00001517 _____ () C:\Users\user\Desktop\RKreport[0]_S_02062014_180454.txt 2014-02-06 18:02 - 2014-02-06 18:02 - 03796480 _____ () C:\Users\user\Downloads\RogueKiller (2).exe 2014-02-06 17:56 - 2014-02-06 17:57 - 03792384 _____ () C:\Users\user\Downloads\RogueKiller (1).exe 2014-02-06 17:56 - 2014-02-06 17:56 - 00000000 ____D () C:\Windows\ERDNT 2014-02-06 17:55 - 2014-02-06 17:55 - 00000733 _____ () C:\Users\user\Desktop\NTREGOPT.lnk 2014-02-06 17:55 - 2014-02-06 17:55 - 00000714 _____ () C:\Users\user\Desktop\ERUNT.lnk 2014-02-06 17:55 - 2014-02-06 17:55 - 00000000 ____D () C:\Program Files\ERUNT 2014-02-06 17:54 - 2014-02-06 17:55 - 00791393 _____ (Lars Hederer ) C:\Users\user\Downloads\erunt-setup.exe 2014-02-06 17:53 - 2014-02-06 17:54 - 00002236 _____ () C:\Users\user\Desktop\Rkill.txt 2014-02-06 17:53 - 2014-02-06 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe 2014-02-05 22:00 - 2014-02-05 22:09 - 00002521 _____ () C:\Users\user\Desktop\HiJackThis.lnk 2014-02-05 22:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2014-02-05 22:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Program Files\Trend Micro 2014-02-05 21:59 - 2014-02-05 21:59 - 01402880 _____ () C:\Users\user\Downloads\HijackThis.msi 2014-02-02 08:49 - 2014-02-02 08:49 - 00688992 _____ (Swearware) C:\Users\user\Downloads\dds.com 2014-02-02 08:49 - 2014-02-02 08:49 - 00007567 _____ () C:\Users\user\Desktop\attach.txt 2014-02-02 08:49 - 2014-02-02 08:48 - 00008900 _____ () C:\Users\user\Desktop\dds.txt 2014-02-02 08:26 - 2014-02-02 08:26 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr 2014-02-02 08:21 - 2014-02-06 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-02 08:20 - 2014-02-06 20:16 - 00000000 ____D () C:\Users\user\Desktop\mbar 2014-02-02 08:20 - 2014-02-06 20:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-02 08:18 - 2014-02-02 08:19 - 12589848 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1009.exe 2014-02-02 07:30 - 2014-02-02 08:07 - 00000000 ____D () C:\Users\user\Desktop\RK_Quarantine 2014-02-02 07:30 - 2014-02-02 07:30 - 03794432 _____ () C:\Users\user\Downloads\RogueKiller.exe 2014-01-30 20:01 - 2014-01-30 20:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-01-27 21:50 - 2014-01-27 21:50 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-27 21:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-27 21:44 - 2014-01-27 21:44 - 00002608 _____ () C:\Users\user\Documents\cc_20140127_214422.reg 2014-01-26 10:24 - 2014-01-26 10:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-01-26 09:52 - 2014-01-26 09:52 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-01-26 09:14 - 2014-01-26 09:52 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-01-26 09:14 - 2014-01-26 09:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-01-26 09:14 - 2014-01-26 09:14 - 00000000 ____D () C:\ProgramData\McAfee 2014-01-19 06:44 - 2014-01-19 06:44 - 00001062 _____ () C:\Users\user\Documents\cc_20140119_064454.reg ==================== One Month Modified Files and Folders ======= 2014-02-08 04:45 - 2014-02-08 04:45 - 00007908 _____ () C:\Users\user\Downloads\FRST.txt 2014-02-08 04:45 - 2014-02-08 04:44 - 00000000 ____D () C:\FRST 2014-02-08 04:44 - 2014-02-08 04:44 - 01136640 _____ (Farbar) C:\Users\user\Downloads\FRST.exe 2014-02-08 04:43 - 2013-08-22 21:34 - 00000000 ____D () C:\ProgramData\MFAData 2014-02-08 04:40 - 2006-11-02 07:49 - 01157118 _____ () C:\Windows\WindowsUpdate.log 2014-02-08 04:37 - 2013-08-25 09:17 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-08 04:37 - 2006-11-02 07:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-08 04:37 - 2006-11-02 07:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-08 04:36 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-07 22:57 - 2006-11-02 07:58 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-07 22:36 - 2013-08-25 09:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-07 07:21 - 2013-08-25 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-07 06:40 - 2014-02-07 06:40 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu (3).exe 2014-02-06 21:02 - 2014-02-06 21:02 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu (2).exe 2014-02-06 20:46 - 2014-02-06 20:46 - 00000922 _____ () C:\Users\user\Desktop\AdwCleaner[s0].txt 2014-02-06 20:43 - 2014-02-06 20:39 - 00000000 ____D () C:\AdwCleaner 2014-02-06 20:39 - 2014-02-06 20:39 - 01166132 _____ () C:\Users\user\Downloads\AdwCleaner.exe 2014-02-06 20:31 - 2014-02-06 20:31 - 00000764 _____ () C:\Users\user\Desktop\JRT.txt 2014-02-06 20:27 - 2014-02-06 20:27 - 00000000 ____D () C:\Windows\ERUNT 2014-02-06 20:26 - 2014-02-06 20:26 - 01037530 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe 2014-02-06 20:16 - 2014-02-02 08:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-06 20:16 - 2014-02-02 08:20 - 00000000 ____D () C:\Users\user\Desktop\mbar 2014-02-06 20:01 - 2014-02-02 08:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-06 20:00 - 2014-02-06 19:56 - 12589848 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1009 (1).exe 2014-02-06 18:04 - 2014-02-06 18:04 - 00001517 _____ () C:\Users\user\Desktop\RKreport[0]_S_02062014_180454.txt 2014-02-06 18:02 - 2014-02-06 18:02 - 03796480 _____ () C:\Users\user\Downloads\RogueKiller (2).exe 2014-02-06 17:57 - 2014-02-06 17:56 - 03792384 _____ () C:\Users\user\Downloads\RogueKiller (1).exe 2014-02-06 17:56 - 2014-02-06 17:56 - 00000000 ____D () C:\Windows\ERDNT 2014-02-06 17:55 - 2014-02-06 17:55 - 00000733 _____ () C:\Users\user\Desktop\NTREGOPT.lnk 2014-02-06 17:55 - 2014-02-06 17:55 - 00000714 _____ () C:\Users\user\Desktop\ERUNT.lnk 2014-02-06 17:55 - 2014-02-06 17:55 - 00000000 ____D () C:\Program Files\ERUNT 2014-02-06 17:55 - 2014-02-06 17:54 - 00791393 _____ (Lars Hederer ) C:\Users\user\Downloads\erunt-setup.exe 2014-02-06 17:54 - 2014-02-06 17:53 - 00002236 _____ () C:\Users\user\Desktop\Rkill.txt 2014-02-06 17:53 - 2014-02-06 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe 2014-02-05 22:09 - 2014-02-05 22:00 - 00002521 _____ () C:\Users\user\Desktop\HiJackThis.lnk 2014-02-05 22:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis 2014-02-05 22:00 - 2014-02-05 22:00 - 00000000 ____D () C:\Program Files\Trend Micro 2014-02-05 22:00 - 2011-06-06 17:32 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore 2014-02-05 21:59 - 2014-02-05 21:59 - 01402880 _____ () C:\Users\user\Downloads\HijackThis.msi 2014-02-05 05:21 - 2013-08-25 08:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-05 05:21 - 2013-08-25 08:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-03 21:53 - 2013-08-25 09:21 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-02 08:49 - 2014-02-02 08:49 - 00688992 _____ (Swearware) C:\Users\user\Downloads\dds.com 2014-02-02 08:49 - 2014-02-02 08:49 - 00007567 _____ () C:\Users\user\Desktop\attach.txt 2014-02-02 08:48 - 2014-02-02 08:49 - 00008900 _____ () C:\Users\user\Desktop\dds.txt 2014-02-02 08:26 - 2014-02-02 08:26 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr 2014-02-02 08:19 - 2014-02-02 08:18 - 12589848 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1009.exe 2014-02-02 08:07 - 2014-02-02 07:30 - 00000000 ____D () C:\Users\user\Desktop\RK_Quarantine 2014-02-02 07:30 - 2014-02-02 07:30 - 03794432 _____ () C:\Users\user\Downloads\RogueKiller.exe 2014-02-01 07:50 - 2013-08-22 19:59 - 00000000 ____D () C:\ProgramData\Novatel Wireless 2014-01-30 20:01 - 2014-01-30 20:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-01-27 21:50 - 2014-01-27 21:50 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-27 21:50 - 2014-01-27 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-27 21:44 - 2014-01-27 21:44 - 00002608 _____ () C:\Users\user\Documents\cc_20140127_214422.reg 2014-01-26 10:24 - 2014-01-26 10:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-01-26 09:52 - 2014-01-26 09:52 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-01-26 09:52 - 2014-01-26 09:14 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-01-26 09:19 - 2013-08-25 09:34 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe 2014-01-26 09:14 - 2014-01-26 09:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-01-26 09:14 - 2014-01-26 09:14 - 00000000 ____D () C:\ProgramData\McAfee 2014-01-19 06:44 - 2014-01-19 06:44 - 00001062 _____ () C:\Users\user\Documents\cc_20140119_064454.reg 2014-01-15 19:43 - 2011-06-06 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-15 19:42 - 2013-08-23 01:44 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 19:38 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-15 19:19 - 2013-08-25 10:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe Some content of TEMP: ==================== C:\Users\user\AppData\Local\Temp\ntdll_dump.dll C:\Users\user\AppData\Local\Temp\Quarantine.exe C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\user\AppData\Local\Temp\System.Data.SQLite37605.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 04:43 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014 Ran by user at 2014-02-08 04:45:58 Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated) ATI Catalyst Install Manager (Version: 3.0.643.0 - ATI Technologies, Inc.) AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3697 - AVG Technologies) Hidden AVG 2013 (Version: 2013.0.3462 - AVG Technologies) Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01 - Broadcom Corporation) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Catalyst Control Center Core Implementation (Version: 2007.1011.2229.38348 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2007.1011.2229.38348 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2007.1011.2229.38348 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2007.1011.2229.38348 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2007.1011.2229.38348 - ATI) Hidden CCC Help English (Version: 2007.1011.2228.38348 - ATI) Hidden ccc-core-static (Version: 2007.1011.2229.38348 - ATI) Hidden ccc-utility (Version: 2007.1011.2229.38348 - ATI) Hidden CCleaner (Version: 4.08 - Piriform) Cisco EAP-FAST Module (Version: 2.0.26 - Cisco Systems, Inc.) Cisco LEAP Module (Version: 1.0.11 - Cisco Systems, Inc.) Cisco PEAP Module (Version: 1.0.12 - Cisco Systems, Inc.) Dell Mobile Broadband Card Utility (Version: 2.09.01.023 - Novatel Wireless) Dell Touchpad (Version: 9.1.18.6 - Synaptics) Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.) ERUNT 1.1j (Version: - Lars Hederer) Google Chrome (Version: 32.0.1700.107 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden HiJackThis (Version: 1.0.0 - Trend Micro) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) OEM Logo and Information (Version: - DELL) PowerDVD DX (Version: 8.2.5024 - CyberLink Corp.) PrintStik printer driver 1.0.0.14 (Version: - Planon Inc.) QuickSet (Version: 8.2.14 - Dell Inc.) Roxio Activation Module (Version: 1.0 - Roxio) Roxio Creator Audio (Version: 3.5.0 - Roxio) Roxio Creator Copy (Version: 3.5.0 - Roxio) Roxio Creator Data (Version: 3.5.0 - Roxio) Roxio Creator DE (Version: 3.5.0 - Roxio) Roxio Creator Tools (Version: 3.5.0 - Roxio) Roxio Drag-to-Disc (Version: 9.1 - Roxio) Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Roxio Update Manager (Version: 6.0.0 - Roxio) Skins (Version: 2007.1011.2229.38348 - ATI) Hidden Sonic CinePlayer Decoder Pack (Version: 4.2.0 - Sonic Solutions) Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) ==================== Restore Points ========================= 25-12-2013 14:36:24 Scheduled Checkpoint 28-12-2013 12:41:59 Scheduled Checkpoint 29-12-2013 18:14:00 Scheduled Checkpoint 30-12-2013 23:59:14 Scheduled Checkpoint 16-01-2014 00:37:59 Windows Update 26-01-2014 18:48:21 Scheduled Checkpoint 31-01-2014 00:38:00 Device Driver Package Install: AVG Technologies Network Service 02-02-2014 14:56:59 Scheduled Checkpoint 06-02-2014 02:59:41 Installed HiJackThis 07-02-2014 03:45:43 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries Task: {53BCDAE9-CB5D-4443-8DFE-F61CE3C232D8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {5644F3ED-9577-4235-96CB-3A9A66E4F9C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25] (Google Inc.) Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2013-08-23] () Task: {7F5DE390-8CB2-4699-8F9D-1F5C895D4652} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25] (Google Inc.) Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {90D882B7-B2A6-4D18-A3A8-2B9EAEF179D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation) Task: {A36BC9A0-5C0B-442F-9F95-2917D1561E31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: {B88F1AFD-6F34-43E7-A809-6B210272A841} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {BDF8C809-4B5C-411C-A148-F0C370EFDA38} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-07 13:14 - 2007-10-11 22:01 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2007-07-23 14:04 - 2007-07-23 14:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL 2014-01-16 20:17 - 2014-01-16 20:17 - 04591616 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll 2014-01-16 20:17 - 2014-01-16 20:17 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll 2014-02-03 21:53 - 2014-02-01 18:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll 2014-02-03 21:53 - 2014-02-01 18:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll 2014-02-03 21:53 - 2014-02-01 18:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll 2014-02-03 21:53 - 2014-02-01 18:42 - 13616456 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (02/08/2014 04:38:06 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/08/2014 04:38:06 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/08/2014 04:38:06 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/08/2014 04:38:06 AM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/08/2014 04:38:06 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (02/07/2014 10:56:42 PM) (Source: Service Control Manager) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (02/07/2014 10:56:34 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (02/07/2014 10:28:43 PM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/07/2014 10:28:42 PM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Error: (02/07/2014 10:26:55 PM) (Source: Service Control Manager) (User: ) Description: BCM42RLY%%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-08 04:45:52.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:52.359 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:52.026 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:51.704 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:51.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:51.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:50.734 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:50.412 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:31.712 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. Date: 2014-02-08 04:45:31.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 1917.27 MB Available physical RAM: 975.41 MB Total Pagefile: 4089.08 MB Available Pagefile: 2948.77 MB Total Virtual: 2047.88 MB Available Virtual: 1908.42 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.95 GB) (Free:104.87 GB) NTFS Drive d: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 135C058F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. scgirl30
    Here is the requested Rouge Killer report. Thanks RogueKiller V8.8.5 [Feb 3 2014] by Tigzymail : tigzyRK<at>gmail<dot>comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : user [Admin rights]Mode : Scan -- Date : 02/06/2014 18:04:54| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤[inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCC08333C) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545016B9A300 ATA Device +++++--- User ---[MBR] 67030abd65a91200b99ff354cad3b561[bSP] 668b93108f8ac706de5ac2055d6595bc : Windows Vista MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_02062014_180454.txt >>
  11. scgirl30
    Hello, My computer randomly runs very slow. I ran malwarebytes, it found two Trojan agents, VistaActivator.txt and VistaActivator.exe. I deleted both of them. I also ran rouge killer and it appeared to find something called EAT@explorer.exe. Here are the requested logs. Thanks for your help. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16526Run by user at 8:48:16 on 2014-02-02Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.913 [GMT -5:00].AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ================.C:\PROGRA~1\AVG\AVG2013\avgrsx.exeC:\Program Files\AVG\AVG2013\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Windows\System32\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\AVG\AVG2013\avgfws.exeC:\Program Files\AVG\AVG2013\avgidsagent.exeC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskeng.exeC:\Program Files\AVG\AVG2013\avgnsx.exeC:\Program Files\AVG\AVG2013\avgemcx.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\AVG\AVG2013\avgui.exeC:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\AVG\AVG2013\avgcsrvx.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uProxyOverride = <-loopback>BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllmRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLYmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [browserSafeguard] "c:\program files\browsersafeguard\BrowserSafeguard.exe"mRunOnce: [browsersafeguard-rockettab-pitch-alone Data Uninstall] cmd /C rd /Q /S "c:\program files\Browsersafeguard"StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exemPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 205.152.144.23 205.152.132.23TCP: Interfaces\{E708C9A7-BE01-43EC-A42B-F86A5DE3A6CD} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1TCP: Interfaces\{EC0C2B1A-9955-4C52-A37F-1E73FAE05D80} : DHCPNameServer = 205.152.144.23 205.152.132.23Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-10-23 1432080]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-8-24 21504]R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]S3 WideUSB;WideUSB Generic USB Bulk Service;c:\windows\system32\drivers\WideUSB.sys [2013-11-4 36584]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856].=============== Created Last 30 ================.2014-02-02 13:21:30 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-02-02 13:21:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-02-02 13:20:10 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-02-02 12:24:56 -------- d-----w- c:\program files\Browsersafeguard2014-01-31 01:01:55 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}2014-01-28 02:50:38 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes2014-01-28 02:50:10 -------- d-----w- c:\programdata\Malwarebytes2014-01-28 02:50:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2014-01-28 02:50:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2014-01-26 15:24:15 -------- d-----w- c:\programdata\Kaspersky Lab2014-01-26 14:14:52 -------- d-----w- c:\programdata\McAfee Security Scan2014-01-26 14:14:41 -------- d-----w- c:\program files\McAfee Security Scan.==================== Find3M ====================.2014-01-26 14:14:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2014-01-26 14:14:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-11-25 06:48:36 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-11-04 17:32:25 36584 ----a-w- c:\windows\system32\drivers\WideUSB.sys2013-11-04 17:30:18 1174979 ----a-w- c:\program files\unins000.exe.============= FINISH: 8:48:46.15 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume1Install Date: 6/6/2011 9:21:00 PMSystem Uptime: 2/2/2014 7:00:27 AM (1 hours ago).Motherboard: Dell Inc. | | 0KY766Processor: AMD Turion 64 X2 Mobile Technology TL-56 | Microprocessor | 1800/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 149 GiB total, 101.532 GiB free.D: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================.Adobe Flash Player 12 ActiveXAdobe Reader X (10.1.9)ATI Catalyst Install ManagerAVG 2013Broadcom 440x 10/100 Integrated ControllerCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews Vistaccc-core-staticccc-utilityCCC Help EnglishCCleanerCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleDell Mobile Broadband Card UtilityDell TouchpadDell Wireless WLAN CardGoogle ChromeGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Malwarebytes Anti-Malware version 1.75.0.1300McAfee Security Scan PlusMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219OEM Logo and InformationPowerDVD DXPrintStik printer driver 1.0.0.14QuickSetRoxio Activation ModuleRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express Labeler 3Roxio Update ManagerSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition SkinsSonic CinePlayer Decoder PackUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665).==== End Of File ===========================
  12. scgirl30
    The scan keeps freezing at 30% to 35% in step 3 of 4. I will keep trying, any other suggestions?
  13. scgirl30
    I had to do step one a little different due to me having AVG 2013. I followed the Avg 2011 instructions, the first two exceptions were fine but on the third exceptions I was only able to select mbam.sys, not mbamswissarmy.sys. The requested logs are below. MB did not find anything today so I posted yesterdays log. Thanks for you assistance. Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.08.10.04 Windows Vista Service Pack 2 x86 NTFSInternet Explorer 9.0.8112.16421Duane Lap :: DUANELAP-PC [administrator] Protection: Enabled 8/10/2013 7:02:25 PMmbam-log-2013-08-10 (19-02-25).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 236897Time elapsed: 39 minute(s), 15 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 2C:\Users\Duane Lap\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.C:\Users\Duane Lap\Downloads\dragons_lair_chd_mame_downloader_us_99329.exe (PUP.Optional.YourFileDownloader) -> Quarantined and deleted successfully. (end) RogueKiller V8.6.5 [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Duane Lap [Admin rights]Mode : Scan -- Date : 08/11/2013 18:15:34| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤[sERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 88744581 (C:\Windows\system32\DRIVERS\88744581.sys [7]) -> FOUND[sERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 88744581 (C:\Windows\system32\DRIVERS\88744581.sys [7]) -> FOUND[sERVICE][ROGUE ST] HKLM\[...]\CS003\[...]\Services : 88744581 (C:\Windows\system32\DRIVERS\88744581.sys [7]) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM160HI ATA Device +++++--- User ---[MBR] 0e7d8e7807cee3798de8d7bc9be41631[bSP] 70162c37983db158c142ea96ca50514d : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 139763 Mo3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307335168 | Size: 2560 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_08112013_181534.txt >>
  14. scgirl30
    My computer appears to be infested, it is extremely slow. I have Malwarebytes pro installed, and ran the quick scan but it did not resolve the issue. This has been an ongoing problem for a while, when its slowest the "enable malicious websites" protection on Malwarebytes pro get turned off by my malware (I assume). I appreciate you help. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16496Run by Duane Lap at 19:05:06 on 2013-08-10Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.715 [GMT -4:00].AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ================.C:\PROGRA~1\AVG\AVG2013\avgrsx.exeC:\Program Files\AVG\AVG2013\avgcsrvx.exeC:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\WLTRYSVC.EXEC:\Windows\System32\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\AVG\AVG2013\avgidsagent.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\AVG\AVG2013\avgwdsvc.exeC:\Windows\system32\taskeng.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\AVG\AVG2013\avgnsx.exeC:\Program Files\AVG\AVG2013\avgemcx.exeC:\Windows\system32\STacSV.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\DRIVERS\xaudio.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Windows\sttray.exeC:\Program Files\AVG\AVG2013\avgui.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer provided by DelluURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"mRun: [sigmatelSysTrayApp] sttray.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLYmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmTCP: NameServer = 205.152.144.23 205.152.132.23TCP: Interfaces\{82049504-87AC-4965-A70D-971716F93F00} : DHCPNameServer = 205.152.144.23 205.152.132.23Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllSEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLLLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 88744581;88744581;c:\windows\system32\drivers\88744581.sys [2013-6-23 133208]R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-4-27 12672]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-22 22856]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-10 40776]R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]S3 PCD5SRVC{FBEA8B78-1B22F121-05040104};PCD5SRVC{FBEA8B78-1B22F121-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]S3 WideUSB;WideUSB Generic USB Bulk driver;c:\windows\system32\drivers\WideUSB.sys [2009-9-19 23936]S4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-9-13 92288].=============== File Associations ===============.ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1".=============== Created Last 30 ================.2013-08-10 22:58:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-07-24 10:52:10 -------- d-----w- c:\users\duane lap\appdata\local\Apple Computer2013-07-24 10:36:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2013-07-24 10:36:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2013-07-24 10:36:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2013-07-24 10:36:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2013-07-24 10:36:01 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2013-07-24 10:32:01 -------- d-----w- c:\users\duane lap\appdata\local\Apple2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys.==================== Find3M ====================.2013-07-10 05:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2013-06-23 12:03:13 133208 ----a-w- c:\windows\system32\drivers\88744581.sys2013-06-12 10:45:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-12 10:45:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb.============= FINISH: 19:08:48.82 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume3Install Date: 9/13/2007 7:09:30 AMSystem Uptime: 8/10/2013 5:54:50 PM (2 hours ago).Motherboard: Dell Inc. | | 0KY766Processor: AMD Turion 64 X2 Mobile Technology TL-56 | Microprocessor | 800/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 136 GiB total, 71.495 GiB free.D: is FIXED (NTFS) - 10 GiB total, 6.535 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0002Manufacturer: MicrosoftName: isatap.{9D508013-5917-4415-AC2F-82224B58F451}PNP Device ID: ROOT\*ISATAP\0002Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft Tun Miniport AdapterDevice ID: ROOT\*TUNMP\0001Manufacturer: MicrosoftName: Teredo Tunneling Pseudo-InterfacePNP Device ID: ROOT\*TUNMP\0001Service: tunmp.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft Tun Miniport AdapterDevice ID: ROOT\*TUNMP\0002Manufacturer: MicrosoftName: Teredo Tunneling Pseudo-InterfacePNP Device ID: ROOT\*TUNMP\0002Service: tunmp.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft Tun Miniport AdapterDevice ID: ROOT\*TUNMP\0003Manufacturer: MicrosoftName: Teredo Tunneling Pseudo-InterfacePNP Device ID: ROOT\*TUNMP\0003Service: tunmp.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft Tun Miniport AdapterDevice ID: ROOT\*TUNMP\0004Manufacturer: MicrosoftName: Teredo Tunneling Pseudo-InterfacePNP Device ID: ROOT\*TUNMP\0004Service: tunmp.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Dell Wireless 1490 Dual Band WLAN Mini-CardDevice ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&6C715DF&0&0028Manufacturer: BroadcomName: Dell Wireless 1490 Dual Band WLAN Mini-CardPNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&6C715DF&0&0028Service: BCM43XX.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Deskjet 6980 seriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Deskjet 6980 seriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service: .Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}Description: Deskjet 6980 seriesDevice ID: ROOT\PRINTER\0000Manufacturer: HPName: Deskjet 6980 seriesPNP Device ID: ROOT\PRINTER\0000Service: .Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}Description: Deskjet 6980 seriesDevice ID: ROOT\PRINTER\0001Manufacturer: HPName: Deskjet 6980 seriesPNP Device ID: ROOT\PRINTER\0001Service: .==== System Restore Points ===================..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components InstallerAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7)Apple Application SupportApple Software UpdateATI Catalyst Control CenterATI Catalyst Install ManagerATI PCI Express (3GIO) Filter DriverAVG 2013Banctec Service AgreementBroadcom 440x 10/100 Integrated ControllerBroadcom Management ProgramsBufferChmCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews VistaCatalyst Control Center Localization Chinese StandardCatalyst Control Center Localization Chinese TraditionalCatalyst Control Center Localization DanishCatalyst Control Center Localization DutchCatalyst Control Center Localization FinnishCatalyst Control Center Localization FrenchCatalyst Control Center Localization GermanCatalyst Control Center Localization ItalianCatalyst Control Center Localization JapaneseCatalyst Control Center Localization KoreanCatalyst Control Center Localization NorwegianCatalyst Control Center Localization PortugueseCatalyst Control Center Localization RussianCatalyst Control Center Localization SpanishCatalyst Control Center Localization Swedishccc-Brandingccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCleanerCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleConexant HDA D330 MDC V.92 ModemCPUID HWMonitor 1.15CustomerResearchQFolderD3DX10Dell DataSafe OnlineDell Mobile Broadband Card UtilityDell Support Center (Support Software)Dell System Customization WizardDell TouchpadDell Wireless WLAN CardDellSupportDestinationsDeviceManagementQFolderDigital Line Detectdj6980Easy Chef's Million RecipeseSupportQFolderGames, Music, & Photos LauncherGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hoyle Board Games 2007Hoyle Card Games 2007Hoyle Casino 2007Hoyle Puzzle Games 2007HP Customer Participation Program 8.0HP Deskjet Printer Driver Software. 8.0.BHP Imaging Device Functions 8.0HP Photosmart EssentialHP Product AssistantHP Solution Center 8.0HP UpdateHPProductAssistantHPSSupplyImage PluginJunk Mail filter updateLP6980_HelpLP6980TrbMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMediaDirectMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksModem Diagnostic ToolMSVC80_x86_v2MSVCRTMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetDeviceManagerNetWaitingOGA Notifier 2.0.0048.0OutlookAddinSetupPrintStik printer driver 1.0.0.9Product Documentation LauncherQuickSetQuickTimeRoxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express LabelerRoxio MyDVD DERoxio Update ManagerSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UISF_CDB_ProductContextSF_CDB_SoftwareShared C Run-time for x86SigmaTel AudioSkinsSolutionCenterSonic Activation ModuleStatusSUPERAntiSpyware Free EditionswMSMToolboxTrayAppUnloadSupportUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)URL AssistantUser's GuidesWebRegWIDCOMM Bluetooth Software 6.0.1.3100Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MIME IFilterWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWise Registry Cleaner 7.63Yahoo! Music Jukebox.==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.