Jump to content

Flight_1

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by Flight_1

  1. I'm not sure the removal of FRST happened the way it was supposed to. When I clicked on FRST it said that I didn't have the latest version. I clicked the update link which took me to their website. I figured that I probably shouldn't bother updating at this point so I Xed out of the website and tried to run FRST again but the desk top icon was gone. I redownloaded FRST and clicked fix. The log is below. I have not run OTC yet. ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2013 01 Ran by Doug at 2013-10-27 19:59:10 Run:2 Running from C:\Users\Doug\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start DeleteQuarantine: End ***************** C:\FRST\Quarantine => Removed successfully. ==== End of Fixlog ====
  2. No threats found with the ESET online scan. Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 45 Java version out of Date! Adobe Reader 10.1.8 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  3. I have not seen it redirect yet. It only happened twice that I know of over a couple of days. I use Internet Explorer. I have Chrome installed but I rarely use it. I will post here if it happens again. Thanks again for the help.
  4. Thanks again, Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013 01 Ran by Doug at 2013-10-26 15:40:37 Run:1 Running from C:\Users\Doug\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start C:\Users\Doug\AppData\Local\Temp\BingBarSetup-Partner.exe C:\Users\Doug\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Doug\AppData\Local\Temp\HPInstaller.exe C:\Users\Doug\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Doug\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Doug\AppData\Local\Temp\ntdll_dump.dll C:\Users\Doug\AppData\Local\Temp\nvStInst.exe C:\Users\Doug\AppData\Local\Temp\Quarantine.exe C:\Users\Doug\AppData\Local\Temp\SeeYouUpdate.exe C:\Users\Doug\AppData\Local\Temp\_is6142.exe C:\Users\Doug\AppData\Local\Temp\_is648C.exe C:\Users\Doug\AppData\Local\Temp\_isBD27.exe AlternateDataStreams: C:\ProgramData\TEMP:054203E4 End ***************** C:\Users\Doug\AppData\Local\Temp\BingBarSetup-Partner.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\HPInstaller.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\ntdll_dump.dll => Moved successfully. C:\Users\Doug\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\SeeYouUpdate.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\_is6142.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\_is648C.exe => Moved successfully. C:\Users\Doug\AppData\Local\Temp\_isBD27.exe => Moved successfully. C:\ProgramData\TEMP => ":054203E4" ADS removed successfully. ==== End of Fixlog ==== RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Doug [Admin rights] Mode : Scan -- Date : 10/26/2013 15:46:09 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ -> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\Users\boinc_master\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Users\Michelle & Doug\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> E:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Documents and Settings\Doug\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> E:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) OCZ-VERTEX4 +++++ --- User --- [MBR] cb1004c8ce830760d80583aeeabd2bcd [bSP] 0ecad9e60f51b1d01306d9d2b27b3b2d : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST2000DM001-9YN164 +++++ --- User --- [MBR] c036e5fff72a63c3296a2eb4aa5cec8a [bSP] 85b99c06d70b3a0645981e2c48d80425 : Legit.C MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) WDC WD4000AAJS-65TKA0 +++++ --- User --- [MBR] a06e5029a861aaeebed44b655a51cb1d [bSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 372485 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 762849360 | Size: 9066 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10262013_154609.txt >>
  5. Thanks, Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01 Ran by Doug (administrator) on DOUG-PC on 26-10-2013 09:45:30 Running from C:\Users\Doug\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-19] (Realtek Semiconductor) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) HKCU\...\Run: [HP Photosmart 7520 series (NET)] - C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) MountPoints2: {6270368f-0d53-11e2-9d50-806e6f6e6963} - Z:\Bin\ASSETUP.exe MountPoints2: {aa7cbd55-2502-11e2-b410-3085a98e8b9c} - H:\TL-Bootstrap.exe HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA740A7BA20A1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Motive Extension) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.1_0 CHR Extension: (Gmail) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx ==================== Services (Whitelisted) ================= R2 HPSLPSVC; C:\Users\Doug\AppData\Local\Temp\7zS4582\hpslpsvc64.dll [1039360 2012-08-23] (Hewlett-Packard Co.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation) R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-03-13] (Alcatel-Lucent) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1435928 2013-09-10] (Trusteer Ltd.) ==================== Drivers (Whitelisted) ==================== S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) R3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [589872 2013-08-20] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [265872 2013-09-10] (Trusteer Ltd.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [295696 2013-09-10] (Trusteer Ltd.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [384432 2013-09-10] (Trusteer Ltd.) R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-02] (Acronis) S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-26 09:45 - 2013-10-26 09:45 - 00000000 ____D C:\FRST 2013-10-26 09:44 - 2013-10-26 09:44 - 01956160 _____ (Farbar) C:\Users\Doug\Desktop\FRST64.exe 2013-10-25 23:18 - 2013-10-25 23:18 - 01060070 _____ C:\Users\Doug\Desktop\AdwCleaner.exe 2013-10-25 23:17 - 2013-10-25 23:17 - 00000632 _____ C:\Users\Doug\Desktop\JRT.txt 2013-10-25 23:05 - 2013-10-25 23:22 - 00000000 ____D C:\AdwCleaner 2013-10-25 22:54 - 2013-10-25 22:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-25 22:53 - 2013-10-25 22:53 - 01033335 _____ (Thisisu) C:\Users\Doug\Desktop\JRT.exe 2013-10-25 17:57 - 2013-10-25 17:57 - 00000112 ___RH C:\Users\Doug\Downloads\Stinger.opt 2013-10-25 17:55 - 2013-10-25 17:56 - 00000632 _____ C:\Users\Doug\Downloads\Stinger_25102013_175502.html 2013-10-25 17:54 - 2013-10-25 17:54 - 10085920 _____ (McAfee Inc) C:\Users\Doug\Downloads\stinger32.exe 2013-10-25 14:05 - 2013-05-07 21:08 - 00009860 _____ C:\Users\Doug\Desktop\DerbyCar - Copy.xlsx 2013-10-24 08:30 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-24 08:30 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-24 08:05 - 2013-10-24 08:05 - 00000000 ____D C:\ProgramData\Oracle 2013-10-24 08:04 - 2013-10-24 08:04 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-24 08:04 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-10 18:42 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-10 18:42 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-10 18:42 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-10 18:42 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-10 18:42 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-10 18:42 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-10 18:42 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-10 18:42 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-10 18:42 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-10 18:42 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-10 18:42 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 18:42 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-10 10:53 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-10 10:53 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-10 10:53 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-10 10:53 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-10 10:53 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-10 10:53 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-10 10:53 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-10 10:53 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-10 10:53 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-10 10:53 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-10 10:53 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-10 10:53 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-10 10:53 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-10 10:53 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-10 10:53 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-10 10:53 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-10 10:53 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-10 10:53 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-10 10:53 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-10 10:53 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-10 10:53 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-10 10:53 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-10 10:53 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 10:53 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 10:53 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-10 10:53 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-10 10:53 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-10 10:53 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-10 10:53 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-10 10:53 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-10 10:53 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-10 10:53 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-10 10:53 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-10 10:53 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-10 10:53 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-10 10:53 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-10 10:53 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-10 10:53 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-10 10:53 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-10 10:53 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-10 10:53 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-10 10:53 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-10 10:53 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-10 10:53 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-10 10:53 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-10 10:53 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll ==================== One Month Modified Files and Folders ======= 2013-10-26 09:45 - 2013-10-26 09:45 - 00000000 ____D C:\FRST 2013-10-26 09:44 - 2013-10-26 09:44 - 01956160 _____ (Farbar) C:\Users\Doug\Desktop\FRST64.exe 2013-10-26 09:35 - 2012-10-05 05:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-26 08:59 - 2012-10-03 06:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-26 07:59 - 2012-10-03 06:23 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-26 07:36 - 2012-10-03 05:16 - 01413570 _____ C:\Windows\WindowsUpdate.log 2013-10-26 06:44 - 2009-07-13 21:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-26 06:44 - 2009-07-13 21:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-26 06:41 - 2009-07-13 22:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-26 06:37 - 2012-11-19 04:01 - 00000000 ____D C:\ProgramData\NVIDIA 2013-10-26 06:37 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-26 06:37 - 2009-07-13 21:51 - 00072076 _____ C:\Windows\setupact.log 2013-10-25 23:22 - 2013-10-25 23:05 - 00000000 ____D C:\AdwCleaner 2013-10-25 23:18 - 2013-10-25 23:18 - 01060070 _____ C:\Users\Doug\Desktop\AdwCleaner.exe 2013-10-25 23:17 - 2013-10-25 23:17 - 00000632 _____ C:\Users\Doug\Desktop\JRT.txt 2013-10-25 23:09 - 2010-11-20 20:47 - 00011620 _____ C:\Windows\PFRO.log 2013-10-25 22:54 - 2013-10-25 22:54 - 00000000 ____D C:\Windows\ERUNT 2013-10-25 22:53 - 2013-10-25 22:53 - 01033335 _____ (Thisisu) C:\Users\Doug\Desktop\JRT.exe 2013-10-25 17:57 - 2013-10-25 17:57 - 00000112 ___RH C:\Users\Doug\Downloads\Stinger.opt 2013-10-25 17:57 - 2013-03-09 13:53 - 00000000 ____D C:\Program Files (x86)\stinger 2013-10-25 17:56 - 2013-10-25 17:55 - 00000632 _____ C:\Users\Doug\Downloads\Stinger_25102013_175502.html 2013-10-25 17:54 - 2013-10-25 17:54 - 10085920 _____ (McAfee Inc) C:\Users\Doug\Downloads\stinger32.exe 2013-10-25 17:54 - 2013-03-16 23:33 - 00000038 ___RH C:\Users\Doug\Desktop\Stinger.opt 2013-10-25 16:47 - 2013-05-09 11:39 - 00000000 ____D C:\Users\Doug\AppData\Local\Microsoft Games 2013-10-25 13:56 - 2012-10-23 13:05 - 00000000 ____D C:\Users\Doug\Documents\Finances_2012 2013-10-25 09:43 - 2013-06-04 19:46 - 00000000 ____D C:\Users\Doug\AppData\Roaming\.minecraft 2013-10-24 08:37 - 2012-10-07 14:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-24 08:05 - 2013-10-24 08:05 - 00000000 ____D C:\ProgramData\Oracle 2013-10-24 08:04 - 2013-10-24 08:04 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-24 08:04 - 2013-06-28 09:15 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-17 07:54 - 2012-10-03 06:23 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-17 07:54 - 2012-10-03 06:23 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-16 05:14 - 2009-07-13 22:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-15 23:44 - 2012-10-02 21:39 - 00001945 _____ C:\Windows\epplauncher.mif 2013-10-15 23:44 - 2012-10-02 21:39 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-15 23:44 - 2012-10-02 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-10-10 20:51 - 2009-07-13 21:45 - 00356168 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-10 18:41 - 2012-11-06 12:10 - 00772558 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-10 18:39 - 2013-08-15 17:12 - 00000000 ____D C:\Windows\system32\MRT 2013-10-10 18:38 - 2012-10-02 21:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-08 19:35 - 2012-10-05 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-08 19:35 - 2012-10-05 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-08 19:35 - 2012-10-05 05:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 07:50 - 2013-06-28 09:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-08 07:46 - 2013-10-24 08:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-08 07:46 - 2013-06-28 09:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-08 07:46 - 2013-06-28 09:15 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-02 08:21 - 2012-10-02 19:33 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies Some content of TEMP: ==================== C:\Users\Doug\AppData\Local\Temp\BingBarSetup-Partner.exe C:\Users\Doug\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Doug\AppData\Local\Temp\HPInstaller.exe C:\Users\Doug\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Doug\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Doug\AppData\Local\Temp\ntdll_dump.dll C:\Users\Doug\AppData\Local\Temp\nvStInst.exe C:\Users\Doug\AppData\Local\Temp\Quarantine.exe C:\Users\Doug\AppData\Local\Temp\SeeYouUpdate.exe C:\Users\Doug\AppData\Local\Temp\_is6142.exe C:\Users\Doug\AppData\Local\Temp\_is648C.exe C:\Users\Doug\AppData\Local\Temp\_isBD27.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2012-10-03 05:10 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01 Ran by Doug at 2013-10-26 09:46:02 Running from C:\Users\Doug\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== 4500_G510gm_Help (x32 Version: 000.0.376.000) 4500G510gm (x32 Version: 000.0.376.000) 4500G510gm_Software_Min (x32 Version: 000.0.376.000) 64 Bit HP CIO Components Installer (Version: 6.2.1) 7-Zip 9.22beta (x32) Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117) Adobe Reader X (10.1.8) (x32 Version: 10.1.8) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0) AT&T Portal Bing Bar (x32 Version: 7.3.107.0) Bonjour (Version: 3.0.0.10) BufferChm (x32 Version: 130.0.371.000) Condor: The Competition Soaring Simulator 1.1.5 (x32 Version: 1.1.5) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Destinations (x32 Version: 130.0.0.0) DeviceDiscovery (x32 Version: 130.0.372.000) DocMgr (x32 Version: 130.0.000.000) DocProc (x32 Version: 13.0.0.0) Fax (x32 Version: 130.0.372.000) FirstClass Client (x32 Version: 11.059) Flight Simulator X (x32) Flight Simulator X Service Pack 1 (x32) Google Chrome (x32 Version: 30.0.1599.101) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54) Google Update Helper (x32 Version: 1.3.21.165) GPBaseService2 (x32 Version: 130.0.411.000) HP Customer Participation Program 13.0 (Version: 13.0) HP Document Manager 2.0 (Version: 2.0) HP Imaging Device Functions 13.0 (Version: 13.0) HP Officejet 4500 G510g-m (Version: 13.0) HP Photosmart 7520 series Basic Device Software (Version: 28.0.1315.0) HP Photosmart 7520 series Help (x32 Version: 28.0.0) HP Smart Web Printing 4.51 (Version: 4.51) HP Solution Center 13.0 (Version: 13.0) HP Update (x32 Version: 5.003.003.001) HPProductAssistant (x32 Version: 130.0.411.000) HPSSupply (x32 Version: 130.0.411.000) Intel® Control Center (x32 Version: 1.2.1.1007) Intel® Management Engine Components (x32 Version: 8.0.4.1441) Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006) Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) iTunes (Version: 11.0.4.4) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Logitech Gaming Software 5.10 (Version: 5.10.127) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Flight Simulator X (x32 Version: 10.0.60905) Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0) Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (Version: 14.0.7015.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Security Client (Version: 4.3.0219.0) Microsoft Security Essentials (Version: 4.3.219.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3505.0912) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0) Network64 (Version: 130.0.374.000) NVIDIA 3D Vision Controller Driver 320.18 (Version: 320.18) NVIDIA 3D Vision Driver 320.18 (Version: 320.18) NVIDIA Control Panel 320.18 (Version: 320.18) NVIDIA Graphics Driver 320.18 (Version: 320.18) NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.124.810) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OCR Software by I.R.I.S. 13.0 (Version: 13.0) Photo Gallery (x32 Version: 16.4.3505.0912) PMDG 737 8900 NGX (x32 Version: 1.00.3219) Rapport (x32 Version: 3.5.1302.61) Realtek Ethernet Controller Driver (x32 Version: 7.52.203.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602) Scan (x32 Version: 13.0.0.0) SeeYou Version 5.0 (x32) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition Shop for HP Supplies (Version: 13.0) SmartWebPrinting (x32 Version: 130.0.457.000) SolutionCenter (x32 Version: 130.0.413.000) Status (x32 Version: 130.0.373.000) Toolbox (x32 Version: 130.0.648.000) TrayApp (x32 Version: 130.0.376.000) Trusteer Endpoint Protection (x32 Version: 3.5.1302.61) TurboTax 2012 (x32 Version: 2012.0) TurboTax 2012 wcaiper (x32 Version: 012.000.1430) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083) TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451) TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179) TurboTax 2012 wrapper (x32 Version: 012.000.0127) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition WebReg (x32 Version: 130.0.171.017) WIDCOMM Bluetooth Software (Version: 6.5.1.2700) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (Version: 03/07/2012 ) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Mobile Device Center (Version: 6.1.6965.0) Yahoo! Toolbar (x32) ==================== Restore Points ========================= 14-10-2013 02:00:22 Windows Backup 15-10-2013 14:19:38 Windows Update 16-10-2013 06:44:00 Windows Update 19-10-2013 14:08:13 Windows Update 21-10-2013 02:00:14 Windows Backup 22-10-2013 18:26:33 Windows Update 24-10-2013 15:04:20 Installed Java 7 Update 45 24-10-2013 15:36:04 Windows Update 24-10-2013 15:44:11 Windows Update ==================== Hosts content: ========================== 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1773340D-4AF8-45DB-99F9-A4240E4F9A2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {59EFC8D8-E848-43CC-B002-862000A2173B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.) Task: {BA059DBB-747E-4278-B6ED-9100EB338C50} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D8EDC665-D27E-408B-9ADC-7D38925A54DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03] (Google Inc.) Task: {FB723733-8EF5-49E3-B1DE-EE677C7CCDC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-22 11:21 - 2013-08-20 07:53 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2012-10-02 20:53 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-10-02 20:51 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:054203E4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14342425.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\14342425.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2013 06:38:55 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/25/2013 11:25:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/26/2013 06:39:18 AM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (10/26/2013 06:39:18 AM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (10/25/2013 11:26:16 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (10/25/2013 11:26:16 PM) (Source: Service Control Manager) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (10/26/2013 06:38:55 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/25/2013 11:25:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-10-26 02:29:03.061 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:29:03.001 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:29:02.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:29:02.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:29:02.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:29:02.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:14:31.111 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:14:31.051 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:14:30.991 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2013-10-26 02:14:30.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8143.79 MB Available physical RAM: 5762.05 MB Total Pagefile: 16285.75 MB Available Pagefile: 13645.84 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:14.54 GB) NTFS Drive d: (Main Disk) (Fixed) (Total:1863.01 GB) (Free:1293.78 GB) NTFS Drive e: (HP) (Fixed) (Total:363.75 GB) (Free:137.42 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 3FC9AA82) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 2F52F74F) Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 373 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=364 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. Hi, I have a redirect virus that Malwarebytes and Microsoft Security Essentials do not find. I have tried the directions from this forum post: https://forums.malwarebytes.org/index.php?showtopic=135293&hl=%2Bredirect#entry746329 In the process of downloading AdwCleaner a new icon showed up on my desktop which I thought was to launch AdwCleaner. I clicked on it and it turned out to be PUP.Optional.ExpressInstall.A. (Malwarebytes removed it.) I updated and did a full scan with Malwarebytes which did not find anything. I have no idea what is on my computer now and it doesn't appear that I have had any luck removing the original redirect virus. Thanks for the help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.