Everything posted by mrbartol

  1. I'm not surprised. My kids download Minecraft stuff all the time, and take all the junk that comes with it. I try to remove all the software and toolbars, but don't have all the tools you've used to clean it up. Are AdwCleaner and Junkware Removal Tool good for periodic cleanings? Here's the log.

     Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 25
     Adobe Reader 9
     Adobe Reader XI
     Mozilla Thunderbird (17.0.8)
     Google Chrome 22.0.1229.95
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     CyberPatrol LLC CyberPatrol cphq.exe
     CyberPatrol LLC CyberPatrol cpserver.exe
     CyberPatrol LLC CyberPatrol cpACtrl.exe
     CyberPatrol LLC CyberPatrol cpCCtrl.exe
     CyberPatrol LLC CyberPatrol cpkbinst.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. Here's the JRT log and the Malwarebytes report. Everything seems to be running fine, though I keep getting messages in Internet Explorer about whether I'm in a secure server mode or not. I just clicked the "Don't show this message again" box, but it was happening on every keystroke.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.5.6 (08.30.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Mark on Sat 08/31/2013 at 14:26:51.67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\uniblue
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3244149
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3247201
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282134
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{370D9A6D-6BF3-4384-98E5-DECC4D803723}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2FCFBC2-AFC0-488E-93B6-71B405A32980}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BAFCD1D0-15CE-41AB-A5B2-B82CB04C4639}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] C:\Users\Mark\AppData\LocalLow\FCTB000100567
     Successfully deleted: [Folder] "C:\ProgramData\fighters"
     Successfully deleted: [Folder] "C:\Users\Mark\AppData\Roaming\fighters"
     Successfully deleted: [Folder] "C:\Users\Mark\AppData\Roaming\strongvault"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\defineext"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\stronghold_llc"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\strongvault"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\local\torch"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\datamngr"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\inboxace_1g"
     Successfully deleted: [Folder] "C:\Users\Mark\appdata\locallow\surfcanyon"
     Successfully deleted: [Folder] "C:\Users\Mark\AppData\Roaming\microsoft\windows\start menu\programs\system progressive protection"
     Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{28748757-86D4-40D6-AEF0-940CFA816941}
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{61BCDB8D-655F-4709-B6B6-088ED386B885}
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{8537FE97-F35C-4763-A10C-764063155DC7}
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{C5C3E8D0-3648-40CE-A2A4-2B7542AE4265}
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{D294400A-CD8D-49D4-99AF-C7FB6AEEE7BA}
     Successfully deleted: [Empty Folder] C:\Users\Mark\appdata\local\{E405A21B-34F2-48A1-8305-63B2924476DB}

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 08/31/2013 at 14:32:52.41
     End of JRT log

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.31.04

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16660
     Mark :: INSPIRON [administrator]

     8/31/2013 2:38:45 PM
     mbam-log-2013-08-31 (14-38-45).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 223965
     Time elapsed: 3 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. OK, here are the logs. AdwCleaner didn't find anything I needed. A few things I recognized but don't want.

     # AdwCleaner v3.001 - Report created 31/08/2013 at 14:20:11
     # Updated 24/08/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Mark - INSPIRON
     # Running from : C:\Users\Mark\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\apn
     Folder Deleted : C:\ProgramData\Babylon
     Folder Deleted : C:\ProgramData\boost_interprocess
     Folder Deleted : C:\ProgramData\PC Optimizer Pro
     Folder Deleted : C:\ProgramData\Tarma Installer
     Folder Deleted : C:\ProgramData\Trymedia
     Folder Deleted : C:\ProgramData\WeCareReminder
     Folder Deleted : C:\Program Files (x86)\Conduit
     Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
     Folder Deleted : C:\Users\Mark\AppData\Local\Conduit
     Folder Deleted : C:\Users\Mark\AppData\Local\visi_coupon
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\Funmoods
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\Mark\AppData\LocalLow\searchresultstb
     Folder Deleted : C:\Users\Mark\AppData\Roaming\Babylon
     Folder Deleted : C:\Users\Mark\AppData\Roaming\OpenCandy
     Folder Deleted : C:\Users\Mark\AppData\Roaming\yourfiledownloader
     File Deleted : C:\END
     File Deleted : C:\Users\Mark\AppData\Local\funmoods.crx
     File Deleted : C:\Users\Mark\AppData\Local\funmoods-speeddial.crx
     File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
     File Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
     File Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
     Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
     Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
     Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
     Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
     Key Deleted : HKLM\SOFTWARE\Classes\f
     Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
     Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS
     Key Deleted : HKCU\Software\f57dfdbb23bbd47
     Key Deleted : HKLM\SOFTWARE\f57dfdbb23bbd47
     Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar
     Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar.1
     Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl
     Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl.1
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pivot-stickfigure-animator[1]_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pivot-stickfigure-animator[1]_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [#]
     Key Deleted : HKCU\Software\DataMngr_Toolbar
     Key Deleted : HKCU\Software\Default Tab
     Key Deleted : HKCU\Software\ilivid
     Key Deleted : HKCU\Software\InstallCore
     Key Deleted : HKCU\Software\pc optimizer pro
     Key Deleted : HKCU\Software\SocialBit
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKCU\Software\YourFileDownloader
     Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
     Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKLM\Software\Babylon
     Key Deleted : HKLM\Software\CompeteInc
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\Software\Default Tab
     Key Deleted : HKLM\Software\Freeze.com
     Key Deleted : HKLM\Software\iLividSRTB
     Key Deleted : HKLM\Software\Iminent
     Key Deleted : HKLM\Software\InstallIQ
     Key Deleted : HKLM\Software\Uniblue\DriverScanner
     Key Deleted : HKLM\Software\YourFileDownloader

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16660

     Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
     Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
     Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

     -\\ Google Chrome v22.0.1229.95

     [ File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [13902 octets] - [31/08/2013 14:15:36]
     AdwCleaner[s0].txt - [12902 octets] - [31/08/2013 14:20:11]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12963 octets] ##########
  4. Logs follow. One thing had to be fixed - Adobe .exe file, but good in the second pass. Internet access working. Windows Update failed on one of 6 optional updates. Samsung printer update. I tried to stop the Samsung services in Task Manager, but it gave me an "Access Denied" error. Windows firewall says it's being managed by McAfee firewall, which is on.

     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     www.malwarebytes.org

     Database version: v2013.08.31.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16660
     Mark :: INSPIRON [administrator]

     8/31/2013 10:31:32 AM
     mbar-log-2013-08-31 (10-31-32).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 249476
     Time elapsed: 10 minute(s), 16 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1005
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x64

     Account is Administrative

     Internet Explorer version: 10.0.9200.16660

     Java version: 1.6.0_23

     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.793000 GHz
     Memory total: 6399582208, free: 4521156608

     Downloaded database version: v2013.08.31.03
     Downloaded database version: v2013.08.06.01
     =======================================
     Initializing...
     ------------ Kernel report ------------
     08/31/2013 10:12:00
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntoskrnl.exe
     \SystemRoot\system32\hal.dll
     \SystemRoot\system32\kdcom.dll
     \SystemRoot\system32\mcupdate_GenuineIntel.dll
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\CLFS.SYS
     \SystemRoot\system32\CI.dll
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\system32\drivers\ACPI.sys
     \SystemRoot\system32\drivers\WMILIB.SYS
     \SystemRoot\system32\drivers\msisadrv.sys
     \SystemRoot\system32\drivers\pci.sys
     \SystemRoot\system32\drivers\vdrvroot.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\system32\drivers\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\system32\drivers\pciide.sys
     \SystemRoot\system32\drivers\PCIIDEX.SYS
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\system32\drivers\atapi.sys
     \SystemRoot\system32\drivers\ataport.SYS
     \SystemRoot\system32\drivers\amdxata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\system32\drivers\fileinfo.sys
     \SystemRoot\system32\drivers\mfehidk.sys
     \SystemRoot\System32\Drivers\PxHlpa64.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\msrpc.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\drivers\mfewfpk.sys
     \SystemRoot\system32\drivers\volsnap.sys
     \SystemRoot\System32\Drivers\spldr.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\hwpolicy.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\DRIVERS\disk.sys
     \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
     \SystemRoot\system32\drivers\cdrom.sys
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\system32\drivers\rdpencdd.sys
     \SystemRoot\system32\drivers\rdprefmp.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\system32\drivers\ws2ifsl.sys
     \SystemRoot\system32\DRIVERS\wfplwf.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\drivers\termdd.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\system32\drivers\mssmbios.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\blbdrive.sys
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\system32\DRIVERS\intelppm.sys
     \SystemRoot\system32\DRIVERS\atikmpag.sys
     \SystemRoot\system32\DRIVERS\atikmdag.sys
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\system32\drivers\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\HECIx64.sys
     \SystemRoot\system32\drivers\usbehci.sys
     \SystemRoot\system32\drivers\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\k57nd60a.sys
     \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     \SystemRoot\system32\drivers\CompositeBus.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\drivers\kbdclass.sys
     \SystemRoot\system32\drivers\mouclass.sys
     \SystemRoot\system32\drivers\swenum.sys
     \SystemRoot\system32\drivers\ks.sys
     \SystemRoot\system32\drivers\umbus.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\system32\drivers\AtihdW76.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\system32\drivers\ksthunk.sys
     \SystemRoot\system32\drivers\RTKVHD64.sys
     \SystemRoot\system32\DRIVERS\IntcDAud.sys
     \SystemRoot\system32\drivers\mfeavfk.sys
     \SystemRoot\system32\drivers\mfefirek.sys
     \SystemRoot\system32\DRIVERS\usbccgp.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\drivers\kbdhid.sys
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\Drivers\dump_dumpata.sys
     \SystemRoot\System32\Drivers\dump_atapi.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\system32\DRIVERS\USBSTOR.SYS
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\system32\DRIVERS\monitor.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\System32\ATMFD.DLL
     \SystemRoot\system32\drivers\luafv.sys
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \??\C:\Windows\system32\Drivers\rikvm_9EC60124.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \??\C:\Windows\system32\Drivers\SSPORT.sys
     \SystemRoot\System32\drivers\tcpipreg.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \SystemRoot\system32\DRIVERS\WUDFRd.sys
     \SystemRoot\system32\drivers\cfwids.sys
     \SystemRoot\System32\Drivers\fastfat.SYS
     \SystemRoot\system32\drivers\mfeapfk.sys
     \SystemRoot\system32\drivers\spsys.sys
     \SystemRoot\system32\DRIVERS\asyncmac.sys
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
     \Windows\System32\ntdll.dll
     \Windows\System32\smss.exe
     \Windows\System32\apisetschema.dll
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk5\DR6
     Upper Device Object: 0xfffffa8008605790
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\00000089\
     Lower Device Object: 0xfffffa8005b19b60
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk4\DR4
     Upper Device Object: 0xfffffa8007e84410
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000007d\
     Lower Device Object: 0xfffffa8007e79b60
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk3\DR3
     Upper Device Object: 0xfffffa8007e85060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000007c\
     Lower Device Object: 0xfffffa8007e701e0
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk2\DR2
     Upper Device Object: 0xfffffa8007e8e060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000007b\
     Lower Device Object: 0xfffffa8007e79060
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR1
     Upper Device Object: 0xfffffa8007e83060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000007a\
     Lower Device Object: 0xfffffa8007e74750
     Lower Device Driver Name: \Driver\USBSTOR\
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffa80065b9060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
     Lower Device Object: 0xfffffa80062bf680
     Lower Device Driver Name: \Driver\atapi\
     <<<2>>>
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffa80065b9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa800640d9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa80065b9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa80062c3520, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xfffffa80062bf680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: C648A420
     Partition information:
     Partition 0 type is Other (0xde)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 63 Numsec = 80262
     Partition 1 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 81920 Numsec = 28962816
     Partition file system is NTFS
     Partition is bootable
     Partition 2 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 29044736 Numsec = 1924476928
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Disk Size: 1000204886016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
     Done!
     Physical Sector Size: 0
     Drive: 1, DevicePointer: 0xfffffa8007e83060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8007e83b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8007e83060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8007e74750, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 2, DevicePointer: 0xfffffa8007e8e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8007e8eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8007e8e060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8007e79060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 3, DevicePointer: 0xfffffa8007e85060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8007e85b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8007e85060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8007e701e0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 4, DevicePointer: 0xfffffa8007e84410, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa8007e86040, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa8007e84410, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa8007e79b60, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 512
     Drive: 5, DevicePointer: 0xfffffa8008605790, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
     ---------
Disk Stack ------ DevicePointer: 0xfffffa8005bc55b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008605790, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005b19b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 7837664 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4012900352 bytes Sector size: 512 bytes Done! Error referencing handle to "\DosDevices\I:", status 0xc0000034 Infected: C:\Users\Mark\Downloads\PDFReaderSetup.exe --> [Adware.Agent] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_5_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_5_r.mbam... 
Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_23 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 6399582208, free: 4817092608 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 Java version: 1.6.0_23 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.793000 GHz Memory total: 6399582208, free: 4530221056 ======================================= Initializing... ------------ Kernel report ------------ 08/31/2013 10:31:28 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys 
\SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys 
\SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys 
\SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\Drivers\rikvm_9EC60124.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \??\C:\Windows\system32\Drivers\SSPORT.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! 
<<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80072455d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007e\ Lower Device Object: 0xfffffa8007240060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800723e410 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007d\ Lower Device Object: 0xfffffa8007240b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8007241790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007c\ Lower Device Object: 0xfffffa80072373e0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa80072425d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007b\ Lower Device Object: 0xfffffa8006eb0b60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006589060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa800627d060 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006589060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80063deb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006589060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800627b580, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800627d060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: 
NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: C648A420 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 28962816 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 29044736 Numsec = 1924476928 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)... Done! 
Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa80072425d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007241040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80072425d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006eb0b60, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8007241790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007245040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007241790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80072373e0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800723e410, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007a3e040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800723e410, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007240b60, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa80072455d0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007a3eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80072455d0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007240060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware 
(portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished
  5. System starts normally now. Fixlog below. MBAR is running. Will post those logs shortly. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2013 03 Ran by SYSTEM at 2013-08-31 10:03:53 Run:1 Running from F:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKU\Mark\...\Run: [DisplaySwitch] - C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe [32768 2013-08-31] () HKU\Mark\...\Run: [fxqojds0OTX.exe] - C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe [102648 2013-08-31] (Initex Software) HKU\Mark\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe [132096 2013-08-31] () HKU\Mark\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe [132096 2013-08-31] () HKU\Mark\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) HKU\Mark\...\Command Processor: "C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe" AppInit_DLLs: C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll [102648 2013-08-31] () AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [102648 2013-08-31] () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll C:\Users\Mark\AppData\Local\E4NFIGExP C:\Users\Mark\AppData\Roaming\iD7xtyCIPT C:\Users\Mark\AppData\Local\yYnGLez1Q8 C:\ProgramData\AWuuRlzAaTl C:\Users\Mark\rundll32.exe C:\Users\Mark\rundll32.dll C:\Users\Mark\csrss.exe C:\Windows\System32\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A} 
C:\Windows\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A}.job 2013-08-31 05:01 - 2013-08-31 05:01 - 00000000 ____D C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad C:\Users\Mark\alg.exe C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad C:\Users\Mark\AppData\Local\Google\Desktop\Install\{c235778a-8857-7199-c7b1-e864ca508e71} C:\ProgramData\F05wYg.dat C:\Users\Mark\GoToAssistDownloadHelper.exe C:\Users\Mark\AppData\Roaming\cache.dat C:\Users\Mark\AppData\Local\Temp\ose00000.exe C:\Users\Mark\AppData\Local\Temp\MozUpdater-2\updater.exe C:\Windows\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A}.job ***************** HKU\Mark\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch => Value deleted successfully. HKU\Mark\Software\Microsoft\Windows\CurrentVersion\Run\\fxqojds0OTX.exe => Value deleted successfully. HKU\Mark\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully. HKU\Mark\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully. HKU\Mark\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKU\Mark\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully. C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe => Moved successfully. C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe => Moved successfully. C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe => Moved successfully. "C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe" => File/Directory not found. 
"C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll " => File/Directory not found. "C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll " => File/Directory not found. "c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll " => File/Directory not found. C:\Users\Mark\AppData\Local\E4NFIGExP => Moved successfully. C:\Users\Mark\AppData\Roaming\iD7xtyCIPT => Moved successfully. C:\Users\Mark\AppData\Local\yYnGLez1Q8 => Moved successfully. C:\ProgramData\AWuuRlzAaTl => Moved successfully. C:\Users\Mark\rundll32.exe => Moved successfully. C:\Users\Mark\rundll32.dll => Moved successfully. C:\Users\Mark\csrss.exe => Moved successfully. C:\Windows\System32\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A} => Moved successfully. C:\Windows\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A}.job => Moved successfully. C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad => Moved successfully. C:\Users\Mark\alg.exe => Moved successfully. "C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe" => File/Directory not found. "C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe" => File/Directory not found. "C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad" => File/Directory not found. C:\Users\Mark\AppData\Local\Google\Desktop\Install\{c235778a-8857-7199-c7b1-e864ca508e71} => Moved successfully. C:\ProgramData\F05wYg.dat => Moved successfully. C:\Users\Mark\GoToAssistDownloadHelper.exe => Moved successfully. C:\Users\Mark\AppData\Roaming\cache.dat => Moved successfully. C:\Users\Mark\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\Mark\AppData\Local\Temp\MozUpdater-2\updater.exe => Moved successfully. "C:\Windows\Tasks\{A4E4C7A9-196C-44AB-BA51-3B5074A0D93A}.job" => File/Directory not found. ==== End of Fixlog ====
  6. Sorry, 64 bit version. Threw me for a while. Here's the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 03 Ran by SYSTEM on MININT-N7PBNI1 on 31-08-2013 09:42:39 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor) HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] () HKLM\...\Run: [sStorageAutoStart] - C:\Program Files (x86)\SOS Online Backup\SStorageLauncher.exe [x] HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-09] (Dell) HKLM\...\Policies\Explorer: [NoRun] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-10] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) 
HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [CyberPatrolNew] - C:\Program Files (x86)\CyberPatrol LLC\CyberPatrol\cphq.exe [1979896 2012-03-23] (CyberPatrol LLC.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-02-09] () HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] () HKLM-x32\...\Run: [sMessaging] - C:\Users\Mark\AppData\Local\Strongvault Online Backup\SMessaging.exe [x] HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKU\Mark\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-08-18] (Google Inc.) 
HKU\Mark\...\Run: [DisplaySwitch] - C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Templates\sysdrivwin.exe [32768 2013-08-31] () HKU\Mark\...\Run: [fxqojds0OTX.exe] - C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe [102648 2013-08-31] (Initex Software) HKU\Mark\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe [132096 2013-08-31] () <===== ATTENTION HKU\Mark\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Mark\AppData\Local\babe669e-3c2f-4988-9c4b-4160b8f8372fad\babeecfcbbffad.exe [132096 2013-08-31] () <===== ATTENTION HKU\Mark\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Mark\...\Command Processor: "C:\Users\Mark\AppData\Local\E4NFIGExP\fxqojds0OTX.exe" <===== ATTENTION! AppInit_DLLs: C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll [102648 2013-08-31] () AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~2\Datamngr\mgrldr.dll c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [102648 2013-08-31] () Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Services (Whitelisted) ================= S3 Background Update Service; C:\Program Files (x86)\CyberPatrol LLC\CyberPatrol\UpdateService.exe [306680 2012-03-23] (CyberPatrol LLC) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink) S3 CyberPatrol UpdateService; C:\Program Files (x86)\CyberPatrol LLC\CyberPatrol\UpdateService.exe [306680 2012-03-23] (CyberPatrol LLC) S2 McAfee SiteAdvisor Service; C:\Program Files\Common 
Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [216576 2009-12-02] (Samsung Software Center, Moscow) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) 
  7. Hello. My computer (Dell, Windows 7, 32 bit) has a version of the Moneypak virus. I can reach a safe mode screen using "Safe Mode with Command Prompt", but it just says "Safe Mode" in the corners and doesn't show a command prompt, so I can't run anything. Can you help?