Jump to content

Purrington666

Honorary Members
  • Posts

    112
  • Joined

  • Last visited

Everything posted by Purrington666

  1. Gringo: I was able to resolve the issue. You may close this thread. Thank you for getting back to me.
  2. I appreciate your guidance and apologize for posting my inquiry at an incorrect forum. Thank you
  3. I hope this is the correct forum to post my inquiry. I recently ran "Hitman Pro" and got the following message: Suspicious File: C:\windows\system32\PerfStringBackup.INI Today I also ran "Combofix" and the report seems to indicate a potential problem with a "win32 infection. I have attached this report. Also when I run Malwarebytes Anti-Malware Premium while I appear not to be infected after the scan runs and I try to shut it down I keep getting a message that it is not "responding." Should I be worried about these? Thank you combo fix.txt
  4. I recently ran "Hitman Pro" and got the following message with a suspicious file. I also ran "Combofix" and the report seems to indicate a potential problem with a "win32 infection. I have attached this report. Should I be worried about these? HitmanPro 3.7.9.225www.hitmanpro.com Computer name . . . . : LEWIS-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : Lewis-PC\Lewis UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2014-10-04 19:37:21 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 1 Objects scanned . . . : 1,672,948 Files scanned . . . . : 28,931 Remnants scanned . . : 256,507 files / 1,387,510 keys Suspicious files ____________________________________________________________ C:\windows\system32\PerfStringBackup.INI Size . . . . . . . : 7,052 bytes Age . . . . . . . : 1908.8 days (2009-07-14 01:13:15) Entropy . . . . . : 3.1 Thank youComboFix.txt
  5. I have performed all of the cleanup tasks you have suggested. Thank you for the preventative maintenance suggestions and for cleaning up my laptop.
  6. # AdwCleaner v3.215 - Report created 13/07/2014 at 13:32:44 # Updated 09/07/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Lewis - LEWIS-PC # Running from : C:\Users\Lewis\Downloads\adwcleaner_3.215.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R47].txt - [765 octets] - [09/07/2014 05:49:52] AdwCleaner[R48].txt - [831 octets] - [13/07/2014 13:31:11] AdwCleaner[s13].txt - [752 octets] - [13/07/2014 13:32:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s13].txt - [812 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Lewis on Sun 07/13/2014 at 13:37:57.66 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 07/13/2014 at 13:48:36.34 End of JRT log Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Secunia PSI (3.0.0.9016) Java 7 Update 55 Java version out of Date! Adobe Reader XI Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Secure Backup SUpdateNotifier.exe Malwarebytes Anti-Exploit mbae-svc.exe Malwarebytes Anti-Malware mbamscheduler.exe Malwarebytes Secure Backup SAgent.Service.exe Malwarebytes Secure Backup mbsbscan.exe Malwarebytes Secure Backup SMessaging.exe Malwarebytes Anti-Exploit mbae.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log`````````````````````` May I ask three questions: 1. What was the difficulty with “Savings Bond Wizard” that made it necessary to remove it from my system? It is a tool from the U.S. Treasury Dept. to track Bond performance. 2. On the Farbar Fixlist it refers to: “C:\Users\James\AppData\.” Nobody by the name of James has ever been given access to my laptop? Should I be concerned that my laptop was hacked? 3. When I did the “ESET” scan I left the “Remove Threat Checkbox” un-ticked so the threat detected was not removed. It did not appear on the ADWCleaner scan. Should I run the “ESET” scan again and remove it? I greatly appreciate your help. Any further guidance you might have as to preventative measures I should take to avoid further issues will be greatly appreciated. Thank you.
  7. C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000202 a variant of Win32/CNETInstaller.B potentially unwanted application
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014 Ran by Lewis at 2014-07-11 05:16:13 Run:1 Running from C:\Users\Lewis\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR Extension: (CostMin) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp [2014-07-07] CHR Extension: (CostMin) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0 [2014-07-07] 2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm 2014-07-07 01:04 - 2014-07-07 01:42 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-07 01:04 - 2014-07-07 01:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-07-07 01:04 - 2014-07-07 01:06 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d3 2014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ () C:\Windows\System32\Tasks\EnergoTech Update 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exe C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe ***************** "C:\windows\system32\GroupPolicy\Machine" => File/Directory not found. C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp directory not found. C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0 directory not found. "C:\Program Files (x86)\predm" => File/Directory not found. "C:\Program Files (x86)\SupTab" => File/Directory not found. "C:\ProgramData\ntuser.pol" => File/Directory not found. "C:\ProgramData\d76b26a3592eb7d3" => File/Directory not found. "C:\Windows\System32\Tasks\EnergoTech Update" => File/Directory not found. "C:\Users\James\AppData\Local\Torch" => File/Directory not found. "C:\Users\James\AppData\Local\Packages" => File/Directory not found. "C:\Users\James\AppData\Local\Comodo" => File/Directory not found. "C:\Users\James\AppData\Local\Chromatic Browser" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exe" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe" => File/Directory not found. ==== End of Fixlog ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/11/2014 Scan Time: 5:18:31 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.11.03 Rootkit Database: v2014.07.09.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lewis Scan Type: Threat Scan Result: Completed Objects Scanned: 286370 Time Elapsed: 10 min, 28 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  9. I just noticed that my post on the FRST Log did not post the entire text. I think it may have been to long for a single post. Below is the remainder to the FRST Log. I apologize for any inconvenience. 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 00:56 ==================== End Of Log ============================
  10. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014 Ran by Lewis at 2014-07-09 17:51:58 Running from C:\Users\Lewis\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell) Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft) Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps) Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel PROSet Wireless (Version: - ) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Malwarebytes Secure Backup (HKLM-x32\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC) Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - ) <==== ATTENTION Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation) Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) Hidden Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Restore Points ========================= 09-07-2014 08:52:18 After installing Advanced Uninstaller PRO 09-07-2014 16:58:43 Removed Cookienator 09-07-2014 18:26:59 Restore Operation ==================== Hosts content: ========================== 2009-07-13 22:34 - 2014-07-09 11:59 - 00000747 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {08E7F967-E580-4036-9B5D-7DE3012A294F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.) Task: {12608D99-FB59-406C-AB78-33DF23FD9F5D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {223A9C25-F81C-46EA-8C7D-4A79E134DC95} - System32\Tasks\{E0C02BB2-E10A-4787-843C-8DBE4BAFCF49} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-11-08] (Microsoft Corporation) Task: {2F7B0BC0-94B4-49D2-B8C8-051B3FE16248} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe Task: {3787A3F1-83A5-4EEB-9EF5-BC374252B921} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.) Task: {386CB256-2524-461C-89F9-F258780F6178} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.) Task: {690EF210-3C3E-4D7C-8419-520B39C6F4DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {7620479D-5519-4082-B9AA-B11D5DCE2782} - System32\Tasks\{B9F54019-5895-4C67-8889-5CF0FCC26592} => C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11] (Microsoft Corporation) Task: {920AAE2B-E31A-43AD-B711-CEFDA9303C9E} - System32\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {96F14597-6597-47ED-8DAB-3458EBF2B483} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {9AE1BB29-662F-4619-8070-ECD2E5FE9D7E} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {C8A0B1EF-464E-430A-B8EA-4C9E1527B067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.) Task: {DBE087F4-8B41-46B7-9017-DB78DC55353F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.) Task: {DEF5643B-367E-4A5A-B336-F79B1EF5DB7F} - System32\Tasks\{68313C00-F4BB-4305-8EEB-2FC4046E7DBD} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net.job => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe Task: C:\windows\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2012-03-03 16:50 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00037272 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00040344 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Utils.Rc.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00019864 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.RemoteControl.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00035224 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll 2012-01-05 01:41 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00716616 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00126280 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 04217672 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00414536 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 01732424 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 14612296 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 3 MSCONFIG\Services: AMPPALR3 => 2 MSCONFIG\Services: Bluetooth Device Monitor => 3 MSCONFIG\Services: Bluetooth Media Service => 3 MSCONFIG\Services: Bluetooth OBEX Service => 3 MSCONFIG\Services: BTHSSecurityMgr => 3 MSCONFIG\Services: DellDigitalDelivery => 3 MSCONFIG\Services: dleaCATSCustConnectService => 2 MSCONFIG\Services: dlea_device => 2 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hmpalertsvc => 2 MSCONFIG\Services: IAStorDataMgrSvc => 3 MSCONFIG\Services: LMS => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: ReimageRealTimeProtection => 2 MSCONFIG\Services: sagentservice => 2 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: Secunia PSI Agent => 2 MSCONFIG\Services: SftService => 3 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: UNS => 3 MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: SMessaging => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe MSCONFIG\startupreg: SOSUAUI => "C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe" -showui MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport #2 Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: avast! Firewall NDIS Filter Miniport #10 Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (07/09/2014 04:21:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 03:57:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 03:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 02:35:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:34:54 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070005. Error: (07/09/2014 02:31:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:30:53 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Removed Cookienator). Additional information: 0x80070005. Error: (07/09/2014 00:47:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 00:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/09/2014 00:39:12 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:29:13 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:23:51 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:23:45 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:38:53 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:38:47 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:34:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/09/2014 05:34:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473536. Error: (07/09/2014 05:33:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/09/2014 04:11:44 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (07/09/2014 04:21:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 03:57:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 03:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 02:35:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:34:54 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Restore Operation0x80070005 Error: (07/09/2014 02:31:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:30:53 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Removed Cookienator0x80070005 Error: (07/09/2014 00:47:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 00:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-07-09 03:32:09.990 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-09 03:32:09.912 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-08 19:50:55.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-08 19:50:55.912 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-22 04:54:18.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-22 04:19:51.325 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:42:56.830 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:31:50.279 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:19:24.267 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 17:15:08.631 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 6051.18 MB Available physical RAM: 3228.11 MB Total Pagefile: 12100.54 MB Available Pagefile: 8936.95 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:407.71 GB) NTFS Drive e: () (Removable) (Total:3.73 GB) (Free:1.24 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BDFF1CAD) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014 Ran by Lewis (administrator) on LEWIS-PC on 09-07-2014 17:50:54 Running from C:\Users\Lewis\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks) HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: *‮* <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: 4SyncOverlay1 -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: 4SyncOverlay2 -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: 4SyncOverlay3 -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: https://www.yahoo.com/ CHR StartupUrls: "hxxp://www.yahoo.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09] CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09] CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-09] CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09] CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-09] CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2014-07-09] CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-07-09] CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09] CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed] S4 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed] S4 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed] S4 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] () S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( ) S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( ) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-08] (SurfRight B.V.) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-08] (Emsisoft GmbH) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] () R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Lewis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-09 17:50 - 2014-07-09 17:51 - 00027972 _____ () C:\Users\Lewis\Downloads\FRST.txt 2014-07-09 17:50 - 2014-07-09 17:50 - 00000000 ___DC () C:\FRST 2014-07-09 17:49 - 2014-07-09 17:49 - 02084352 _____ (Farbar) C:\Users\Lewis\Downloads\FRST64.exe 2014-07-09 17:49 - 2014-07-09 17:49 - 00001447 _____ () C:\Users\Lewis\Desktop\FRST64 - Shortcut.lnk 2014-07-09 11:18 - 2014-07-09 11:18 - 00003544 ____C () C:\bootsqm.dat 2014-07-09 06:39 - 2014-07-09 06:40 - 04501328 _____ (Systweak Inc ) C:\Users\Lewis\Downloads\rcp_dcomnew_util_728.exe 2014-07-09 05:51 - 2014-07-09 05:51 - 00000000 ___DC () C:\ProgramData\RogueKiller 2014-07-09 05:49 - 2014-07-09 12:08 - 00000000 ___DC () C:\AdwCleaner 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ___DC () C:\ProgramData\Innovative Solutions 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Innovative Solutions 2014-07-09 03:48 - 2014-07-09 03:48 - 00199753 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-48-23 (pid 1992).log 2014-07-09 03:47 - 2014-07-09 03:47 - 00198355 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-47-14 (pid 988).log 2014-07-09 03:26 - 2014-07-09 03:36 - 00000000 ___DC () C:\Qoobox 2014-07-09 03:26 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe 2014-07-09 03:26 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe 2014-07-09 03:26 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe 2014-07-09 01:41 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-09 01:41 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-09 01:41 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 01:41 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 01:41 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 01:41 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 01:41 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-07-09 01:41 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 01:40 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 01:40 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 01:40 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 01:40 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-07-09 01:40 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-07-09 01:40 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 01:40 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-07-09 01:40 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-07-09 01:40 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-07-09 01:40 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-07-09 01:40 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-07-09 01:40 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-07-09 01:40 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-07-09 01:40 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-07-09 01:40 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-07-09 01:40 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-07-09 01:40 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 01:40 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-07-09 01:40 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 01:40 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 01:40 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-07-09 01:40 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-07-09 01:40 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 01:40 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 01:40 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 01:40 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 01:40 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-07-09 01:40 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-07-09 01:40 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-07-09 01:40 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-07-09 01:40 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 01:40 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 01:40 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-07-09 01:40 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-07-09 01:40 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 01:40 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-07-09 01:40 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-07-09 01:40 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-07-09 01:40 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-07-09 01:40 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 01:40 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 01:40 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-07-09 01:40 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 01:40 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 01:40 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 01:40 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 01:40 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 01:40 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 01:40 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-07-09 01:40 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 01:40 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 01:40 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 01:40 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 01:40 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 01:40 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 01:40 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 01:40 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 01:40 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-07-09 01:40 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-07-08 12:21 - 2014-07-08 12:31 - 00000000 ___DC () C:\EEK 2014-07-08 10:57 - 2014-07-08 10:57 - 02347384 _____ (ESET) C:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe 2014-07-08 10:34 - 2014-07-08 10:34 - 00030336 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-08 04:59 - 2014-07-08 05:00 - 109621496 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\msert.exe 2014-07-08 04:45 - 2014-07-09 11:51 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys 2014-07-08 00:01 - 2014-07-08 00:01 - 00000000 ___DC () C:\Program Files (x86)\ESET 2014-07-02 07:31 - 2014-04-11 11:10 - 00000870 _____ () C:\Users\Lewis\Documents\Savings Bond Wizard.lnk 2014-06-30 05:48 - 2014-06-30 05:48 - 00001435 _____ () C:\Users\Lewis\Desktop\Shamdasani - The Boundless Expanse sm - Shortcut.lnk 2014-06-25 15:47 - 2014-06-25 15:47 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-06-18 15:17 - 2014-06-18 15:18 - 00000000 ____D () C:\Users\Lewis\AppData\Local\calibre-cache 2014-06-18 15:15 - 2014-06-18 15:18 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\calibre 2014-06-18 14:01 - 2014-06-18 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-06-17 19:45 - 2014-07-09 06:15 - 00003246 _____ () C:\windows\System32\Tasks\Trojan Killer 2014-06-17 08:22 - 2014-06-17 08:22 - 12881523 _____ () C:\Users\Lewis\Downloads\blog-06-17-2014.xml 2014-06-16 05:12 - 2014-06-18 14:01 - 10971424 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe 2014-06-16 05:12 - 2014-06-16 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-06-16 05:11 - 2014-06-16 05:12 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-06-15 18:54 - 2014-07-09 05:08 - 00006306 _____ () C:\windows\PFRO.log 2014-06-15 18:35 - 2014-06-15 18:52 - 00000000 ___DC () C:\Program Files (x86)\Amazon 2014-06-15 18:23 - 2014-06-15 18:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lewis\Downloads\mbar-1.07.0.1012.exe 2014-06-15 16:46 - 2014-07-09 15:52 - 00008064 _____ () C:\windows\setupact.log 2014-06-15 16:46 - 2014-06-15 16:46 - 00000000 _____ () C:\windows\setuperr.log 2014-06-13 16:43 - 2014-06-13 16:43 - 00090202 _____ () C:\Users\Lewis\Downloads\09Jan2014 DEPTH PSYCHOLOGY RESOURCES - MASTER LIST (JAN-9) (3).xlsx 2014-06-11 03:55 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-06-11 03:55 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-11 03:55 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-11 03:55 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-11 03:55 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-11 03:55 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 03:55 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-11 03:55 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-11 03:55 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-11 03:55 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-06-11 03:55 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-11 03:55 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-11 03:55 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-11 03:55 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-06-09 16:15 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Lewis\Documents\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk ==================== One Month Modified Files and Folders ======= 2014-07-09 17:51 - 2014-07-09 17:50 - 00027972 _____ () C:\Users\Lewis\Downloads\FRST.txt 2014-07-09 17:50 - 2014-07-09 17:50 - 00000000 ___DC () C:\FRST 2014-07-09 17:49 - 2014-07-09 17:49 - 02084352 _____ (Farbar) C:\Users\Lewis\Downloads\FRST64.exe 2014-07-09 17:49 - 2014-07-09 17:49 - 00001447 _____ () C:\Users\Lewis\Desktop\FRST64 - Shortcut.lnk 2014-07-09 17:47 - 2014-02-11 18:38 - 01464903 _____ () C:\windows\WindowsUpdate.log 2014-07-09 17:25 - 2013-10-04 05:48 - 00000000 ____D () C:\Users\Lewis\Documents\Outlook Files 2014-07-09 17:25 - 2013-07-09 19:36 - 48658944 ___SH () C:\Users\Lewis\Desktop\Thumbs.db 2014-07-09 17:16 - 2014-05-21 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 17:03 - 2014-03-11 17:39 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-09 16:02 - 2014-03-08 13:50 - 00000490 _____ () C:\windows\Tasks\Online Backup Update Notifier.job 2014-07-09 16:00 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-09 16:00 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-09 15:53 - 2012-01-05 01:50 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-07-09 15:53 - 2012-01-05 01:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-07-09 15:53 - 2012-01-05 01:41 - 00000000 ___DC () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-07-09 15:52 - 2014-06-15 16:46 - 00008064 _____ () C:\windows\setupact.log 2014-07-09 15:52 - 2014-03-11 17:39 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-09 15:52 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-09 14:33 - 2012-03-02 16:56 - 00000000 ____D () C:\Users\Lewis 2014-07-09 14:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration 2014-07-09 12:51 - 2014-03-08 13:52 - 00000530 _____ () C:\windows\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net.job 2014-07-09 12:18 - 2014-02-20 06:43 - 00000000 ____D () C:\Users\Lewis\AppData\Local\CrashDumps 2014-07-09 12:08 - 2014-07-09 05:49 - 00000000 ___DC () C:\AdwCleaner 2014-07-09 11:51 - 2014-07-08 04:45 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys 2014-07-09 11:18 - 2014-07-09 11:18 - 00003544 ____C () C:\bootsqm.dat 2014-07-09 06:40 - 2014-07-09 06:39 - 04501328 _____ (Systweak Inc ) C:\Users\Lewis\Downloads\rcp_dcomnew_util_728.exe 2014-07-09 06:15 - 2014-06-17 19:45 - 00003246 _____ () C:\windows\System32\Tasks\Trojan Killer 2014-07-09 05:51 - 2014-07-09 05:51 - 00000000 ___DC () C:\ProgramData\RogueKiller 2014-07-09 05:33 - 2012-03-02 17:31 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Apps\2.0 2014-07-09 05:12 - 2012-03-02 18:08 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Skype 2014-07-09 05:12 - 2012-03-02 17:48 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Microsoft Help 2014-07-09 05:12 - 2012-01-05 01:08 - 00000000 ___DC () C:\Intel 2014-07-09 05:12 - 2011-02-23 09:08 - 00000000 ____D () C:\windows\Panther 2014-07-09 05:12 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-07-09 05:08 - 2014-06-15 18:54 - 00006306 _____ () C:\windows\PFRO.log 2014-07-09 04:54 - 2012-01-05 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ___DC () C:\ProgramData\Innovative Solutions 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Innovative Solutions 2014-07-09 04:44 - 2014-01-14 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-09 03:48 - 2014-07-09 03:48 - 00199753 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-48-23 (pid 1992).log 2014-07-09 03:47 - 2014-07-09 03:47 - 00198355 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-47-14 (pid 988).log 2014-07-09 03:41 - 2014-05-18 08:08 - 00000000 ___DC () C:\found.000 2014-07-09 03:36 - 2014-07-09 03:26 - 00000000 ___DC () C:\Qoobox 2014-07-09 03:32 - 2009-07-13 22:34 - 00000215 ____C () C:\windows\system.ini 2014-07-09 03:26 - 2014-01-14 08:54 - 00000000 ____D () C:\windows\erdnt 2014-07-09 03:09 - 2009-07-14 00:45 - 00416688 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-09 03:07 - 2014-05-06 05:36 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-09 03:07 - 2012-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-09 03:07 - 2012-01-05 02:57 - 00000000 ___DC () C:\Program Files\Windows Journal 2014-07-09 03:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-07-09 03:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism 2014-07-09 03:05 - 2013-08-13 19:55 - 00000000 ____D () C:\windows\system32\MRT 2014-07-09 03:03 - 2012-03-04 03:42 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 01:45 - 2012-01-05 01:22 - 00000000 ____D () C:\ProgramData\Temp 2014-07-08 19:16 - 2009-07-14 01:08 - 00032616 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-08 16:47 - 2014-01-28 18:50 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster 2014-07-08 15:17 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\Lewis\AppData\Local\VirtualStore 2014-07-08 12:31 - 2014-07-08 12:21 - 00000000 ___DC () C:\EEK 2014-07-08 10:57 - 2014-07-08 10:57 - 02347384 _____ (ESET) C:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe 2014-07-08 10:34 - 2014-07-08 10:34 - 00030336 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-08 05:00 - 2014-07-08 04:59 - 109621496 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\msert.exe 2014-07-08 00:01 - 2014-07-08 00:01 - 00000000 ___DC () C:\Program Files (x86)\ESET 2014-07-02 16:45 - 2014-05-22 04:33 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys 2014-06-30 05:48 - 2014-06-30 05:48 - 00001435 _____ () C:\Users\Lewis\Desktop\Shamdasani - The Boundless Expanse sm - Shortcut.lnk 2014-06-29 22:09 - 2014-07-09 01:41 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-29 22:04 - 2014-07-09 01:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-25 15:47 - 2014-06-25 15:47 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-06-23 05:40 - 2014-03-03 12:02 - 00000000 ___DC () C:\Program Files\Sandboxie 2014-06-23 05:40 - 2014-03-03 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-06-23 03:58 - 2014-03-11 17:39 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-23 03:58 - 2014-03-11 17:39 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-20 16:14 - 2014-07-09 01:40 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-06-20 15:39 - 2014-07-09 01:40 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-06-18 21:39 - 2014-07-09 01:40 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-18 21:06 - 2014-07-09 01:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-18 21:06 - 2014-07-09 01:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-18 20:48 - 2014-07-09 01:40 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-18 20:42 - 2014-07-09 01:40 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-18 20:42 - 2014-07-09 01:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-18 20:41 - 2014-07-09 01:40 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-06-18 20:41 - 2014-07-09 01:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-18 20:32 - 2014-07-09 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-18 20:31 - 2014-07-09 01:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-18 20:26 - 2014-07-09 01:40 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-18 20:24 - 2014-07-09 01:40 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-18 20:24 - 2014-07-09 01:40 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-18 20:23 - 2014-07-09 01:40 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-18 20:16 - 2014-07-09 01:40 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-18 20:14 - 2014-07-09 01:40 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-18 20:09 - 2014-07-09 01:40 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-18 19:59 - 2014-07-09 01:40 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 19:56 - 2014-07-09 01:40 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-18 19:53 - 2014-07-09 01:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-18 19:51 - 2014-07-09 01:40 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-18 19:50 - 2014-07-09 01:40 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-18 19:48 - 2014-07-09 01:40 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-18 19:39 - 2014-07-09 01:40 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-18 19:38 - 2014-07-09 01:40 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-18 19:37 - 2014-07-09 01:40 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-18 19:36 - 2014-07-09 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-18 19:35 - 2014-07-09 01:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-06-18 19:33 - 2014-07-09 01:40 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-18 19:32 - 2014-07-09 01:40 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-18 19:28 - 2014-07-09 01:40 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-18 19:28 - 2014-07-09 01:40 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-18 19:27 - 2014-07-09 01:40 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-18 19:27 - 2014-07-09 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-18 19:25 - 2014-07-09 01:40 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-18 19:23 - 2014-07-09 01:40 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-18 19:22 - 2014-07-09 01:40 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-18 19:12 - 2014-07-09 01:40 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-18 19:06 - 2014-07-09 01:40 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-18 19:01 - 2014-07-09 01:40 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-18 18:59 - 2014-07-09 01:40 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-18 18:58 - 2014-07-09 01:40 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-18 18:58 - 2014-07-09 01:40 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-18 18:52 - 2014-07-09 01:40 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-18 18:51 - 2014-07-09 01:40 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-18 18:49 - 2014-07-09 01:40 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-18 18:46 - 2014-07-09 01:40 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-18 18:45 - 2014-07-09 01:40 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-18 18:35 - 2014-07-09 01:40 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-18 18:34 - 2014-07-09 01:40 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-18 18:15 - 2014-07-09 01:40 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-18 18:13 - 2014-07-09 01:40 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-18 18:09 - 2014-07-09 01:40 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-18 18:07 - 2014-07-09 01:40 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-18 15:18 - 2014-06-18 15:17 - 00000000 ____D () C:\Users\Lewis\AppData\Local\calibre-cache 2014-06-18 15:18 - 2014-06-18 15:15 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\calibre 2014-06-18 14:01 - 2014-06-18 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-18 14:01 - 2014-06-16 05:12 - 10971424 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe 2014-06-18 14:01 - 2014-02-15 06:22 - 00000000 ___DC () C:\ProgramData\HitmanPro 2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-06-17 22:18 - 2014-07-09 01:41 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-17 21:51 - 2014-07-09 01:41 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-06-17 21:10 - 2014-07-09 01:41 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-06-17 08:22 - 2014-06-17 08:22 - 12881523 _____ () C:\Users\Lewis\Downloads\blog-06-17-2014.xml 2014-06-16 05:12 - 2014-06-16 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-06-16 05:12 - 2014-06-16 05:11 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-06-16 05:12 - 2014-02-19 06:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2014-06-15 18:52 - 2014-06-15 18:35 - 00000000 ___DC () C:\Program Files (x86)\Amazon 2014-06-15 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Resources 2014-06-15 18:23 - 2014-06-15 18:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lewis\Downloads\mbar-1.07.0.1012.exe 2014-06-15 18:21 - 2014-04-22 09:23 - 00000000 ___DC () C:\Program Files (x86)\LastPass 2014-06-15 16:46 - 2014-06-15 16:46 - 00000000 _____ () C:\windows\setuperr.log 2014-06-14 23:56 - 2014-04-22 09:23 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass 2014-06-14 23:56 - 2014-04-22 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass 2014-06-14 14:40 - 2012-03-10 19:13 - 00000000 ___DC () C:\Program Files\CCleaner 2014-06-13 16:43 - 2014-06-13 16:43 - 00090202 _____ () C:\Users\Lewis\Downloads\09Jan2014 DEPTH PSYCHOLOGY RESOURCES - MASTER LIST (JAN-9) (3).xlsx 2014-06-13 15:29 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache 2014-06-11 07:55 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-06-09 10:56 - 2014-06-09 16:15 - 00001108 _____ () C:\Users\Lewis\Documents\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
  12. aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-09 17:55:44 ----------------------------- 17:55:44.066 OS Version: Windows x64 6.1.7601 Service Pack 1 17:55:44.067 Number of processors: 4 586 0x2A07 17:55:44.068 ComputerName: LEWIS-PC UserName: Lewis 17:55:45.554 Initialize success 17:55:45.756 VM: initialized successfully 17:55:45.780 VM: Intel CPU supported 17:55:58.685 VM: supported disk I/O iaStor.sys 17:57:08.303 AVAST engine defs: 14070900 17:57:08.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:57:08.657 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3 17:57:09.071 VM: Disk 0 MBR read successfully 17:57:09.079 Disk 0 MBR scan 17:57:09.185 Disk 0 Windows 7 default MBR code 17:57:09.209 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048 17:57:09.241 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848 17:57:09.252 Disk 0 Boot: NTFS code=1 17:57:09.307 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848 17:57:09.509 Disk 0 scanning C:\windows\system32\drivers 17:57:35.200 Service scanning 17:58:26.331 Modules scanning 17:58:26.347 Disk 0 trace - called modules: 17:58:26.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 17:58:26.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f63060] 17:58:26.400 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa800591ba10] 17:58:26.413 5 ACPI.sys[fffff88000d7d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005923050] 17:58:27.951 AVAST engine scan C:\windows 17:58:34.996 AVAST engine scan C:\windows\system32 18:04:49.494 AVAST engine scan C:\windows\system32\drivers 18:05:15.886 AVAST engine scan C:\Users\Lewis 18:05:56.936 Scan stopped 18:07:43.219 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat" 18:07:43.225 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR.txt"
  13. For the last three days my laptop is moving at an increasingly slower pace when attempting to open various pages on the internet. I have run Malwarebytes Pro, Microsoft Security Essentials [Full Scan], Microsoft Security Scanner, etc. and cannot find any Malware detected but still my laptop is moving slower and slower. Is there a diagnostic test that I can run to help determine what the source of this issue might be? I am using a Dell 5110; 64 bit operating system, Windows 7 Home Premium Thank you
  14. I have a very general question about the new Premium Version of Malwarebytes. The former version had choices such as Quick Scan, Full Scan, Custom Scan but the new version seems to have only the option to click on "Scan." Is this scan a Full Scan? if so, it is very much faster. Am I correct that this is the only option on the new version or am I missing something. I apologize for asking such a general question but I simply do not know. Thank you
  15. I reset the i.e. settings per instructions. I confirmed that the ccleaner settings I had been using were correct. They were. I ran a Malwarebytes Full Scan and no problems were detected. I have not ignored your admonitions to install the newest version of Malwarebytes but I need to see my sister and find out where she put the registration number so I can perform the manual installation. As of now we seems to be working fine. I will notify you if any unforeseen difficulties rear their ugly heads in the next few day. Thank you for you assistance in this matter.
  16. Well I have the proverbial good news and bad news. The good news is that I ran all of the tasks as directed in your last response without incident. The bad news is after doing so I ran a "Full Scan" with Malwaresbytes and yet another PUP.Optional was found as seen in the log below. This has been the recurring issue on my sister's laptop for the past week or so. Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2014.05.31.07 Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421lafsa :: LAFSA-PC [administrator] Protection: Enabled 5/31/2014 12:23:20 PMmbam-log-2014-05-31 (12-23-20).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 443306Time elapsed: 1 hour(s), 38 minute(s), 7 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRTF2OJH\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully. (end) What to do now? Thank you.
  17. Results of screen317's Security Check version 0.99.83 Windows Vista Service Pack 2 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` I am getting a message on my sister's laptop that says: Smart Failure Predicted on a Hard Disk 0: ST9320421ASG- (S1) Warning: Immediately back-up your data and replace your hard disk drive. A failure may be imminent. Press F1 to Continue. After I "Press F1" everything seems [so far] to be working properly but a message pops up on the lower left hand side of her screen that says "Backup Failed." This is probably not related to the original issue but what does it mean? Thank you
  18. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02 Ran by lafsa at 2014-05-31 03:33:59 Run:2 Running from C:\Users\lafsa\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** AlternateDataStreams: C:\ProgramData\TEMP:06C5B98F AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll () C:\Users\lafsa\AppData\Local\temp\Quarantine.exe ***************** C:\ProgramData\TEMP => ":06C5B98F" ADS removed successfully. C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully. C:\Users\lafsa\AppData\Local\temp\Quarantine.exe => Moved successfully. ==== End of Fixlog ====
  19. I apologize for the oversight in not previously posting the "Addition.txt from FRST." it is below. I cannot give a definitive answer to how it is so far as I have restricted my use of my sister's laptop to only performing your instructions on conducting the repair and have not used it for any other purpose. The problem "PUP" was only appearing when I ran a Malwarebytes "Full Scan" and not when I ran a "Quick Scan." I would like to run a "Full Scan" and otherwise use her laptop for a day or so before I could firmly assert it was now working properly. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02Ran by lafsa at 2014-05-30 09:33:13Running from C:\Users\lafsa\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAcrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) HiddenATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0422.2237 - )Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) HiddenCatalyst Control Center Core Implementation (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center Graphics Full Existing (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center Graphics Full New (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center Graphics Light (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2009.0422.2238.38828 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2009.0422.2238.38828 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Danish (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Dutch (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help English (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Finnish (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help French (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help German (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Italian (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Japanese (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Korean (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Norwegian (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Portuguese (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Russian (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Spanish (x32 Version: 2009.0422.2237.38828 - ATI) HiddenCCC Help Swedish (x32 Version: 2009.0422.2237.38828 - ATI) Hiddenccc-core-static (x32 Version: 2009.0422.2238.38828 - ATI) Hiddenccc-utility64 (Version: 2009.0422.2238.38828 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenIntegrated Webcam Driver (1.05.02.1227) (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft UI Engine (x32 Version: 4.0.0318.1 - Microsoft Corporation) HiddenMicrosoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) HiddenMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) HiddenSkins (x32 Version: 2009.0422.2238.38828 - ATI) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 22-05-2014 14:42:29 Windows Update22-05-2014 14:54:05 Windows Backup22-05-2014 22:38:28 Windows Update23-05-2014 16:37:32 Removed Absolute Notifier.23-05-2014 16:39:26 Removed Adobe Reader X (10.1.10).23-05-2014 16:40:47 Removed Advanced Audio FX Engine23-05-2014 16:53:37 Removed File Uploader23-05-2014 16:56:09 Removed Garmin Communicator Plugin23-05-2014 16:56:29 Removed Garmin Communicator Plugin x6423-05-2014 17:02:27 Removed HP Product Detection23-05-2014 17:25:52 Removed Apple Application Support23-05-2014 17:28:23 Removed Bonjour23-05-2014 17:28:56 Removed C-Print Pro Server 2.6.223-05-2014 17:31:56 Removed QuickTime 723-05-2014 17:37:22 Removed WIDCOMM Bluetooth Software 6.1.0.440223-05-2014 17:40:21 Removed ViewNX23-05-2014 17:43:03 Removed ResScan.23-05-2014 17:46:01 Removed SMART Notebook.23-05-2014 17:52:51 Removed Live! Cam Avatar Creator23-05-2014 17:53:49 Removed Java 7 Update 5523-05-2014 17:55:08 Removed iTunes23-05-2014 18:03:20 Removed Apple Mobile Device Support23-05-2014 18:04:22 Removed Apple Software Update23-05-2014 18:14:25 Removed Banctec Service Agreement24-05-2014 00:11:10 Removed Quickset.24-05-2014 01:35:37 Removed Quickset.24-05-2014 01:40:06 Removed Spelling Dictionaries Support For Adobe Reader 9.24-05-2014 01:42:30 Removed Nikon Message Center24-05-2014 01:43:18 Removed Nikon Transfer24-05-2014 01:45:15 Removed Picture Control Utility24-05-2014 22:10:17 Removed HP Update.24-05-2014 22:11:13 削除 PMB24-05-2014 22:12:56 Removed Netflix in Windows Media Center24-05-2014 22:13:26 Removed Google Earth Plug-in.24-05-2014 22:15:44 Garmin Express24-05-2014 22:17:27 Removed Garmin USB Drivers24-05-2014 22:18:20 Removed Complete Care Consumer Service Agreement27-05-2014 10:04:19 Windows Update28-05-2014 13:18:40 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 08:34 - 2014-05-24 18:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1127F92F-9EDB-4B9B-88CB-230CA8608B96} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {19D816FB-BE2A-4AEC-84F2-1444CE82F335} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {4B46EBFC-AECC-45AB-82BF-54D60F89D724} - System32\Tasks\{4D60D156-724A-4FA9-8148-F4CC7E07A3E3} => C:\Program Files (x86)\Skype\Phone\Skype.exeTask: {54486FFB-CDB3-4B54-AD53-30EB7EE4ABB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)Task: {71FFE9F4-0BA2-450D-AF82-1F2FDD7E4E05} - System32\Tasks\tmp292A => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exeTask: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {83A61D0C-49F6-4C8B-8DED-A6F472011CA7} - System32\Tasks\tmpDB67 => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exeTask: {9DD2166A-0A2E-40F4-8BDE-51E319B0F630} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)Task: {AFE51F9E-72B8-4F83-87E9-E8EF9AB8376E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-01 00:54 - 2009-05-10 13:27 - 00120320 _____ () C:\Windows\system32\atitmm64.dll2014-05-23 19:35 - 2014-05-13 19:40 - 04217672 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-23 19:36 - 2014-05-13 19:40 - 00414536 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-23 19:35 - 2014-05-13 19:40 - 01732424 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:06C5B98FAlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: Apple Mobile Device => 2MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: btwdins => 2MSCONFIG\Services: FAService => 2MSCONFIG\Services: GoToAssist => 3MSCONFIG\Services: iPod Service => 3MSCONFIG\Services: McComponentHostService => 3MSCONFIG\Services: MozillaMaintenance => 3MSCONFIG\Services: Viewpoint Manager Service => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartupMSCONFIG\startupreg: Absolute Notifier => "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterMSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exeMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Malwarebytes Anti-Exploit => "C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeMSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyMSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exeMSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunMSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exeMSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exeMSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide ==================== Faulty Device Manager Devices ============= Name: Creative Live! CameraDescription: Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: Creative Technology Ltd.Service: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Creative Live! CameraDescription: Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: Creative Technology Ltd.Service: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Creative Live! CameraDescription: Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: Creative Technology Ltd.Service: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:================== System errors:============= Microsoft Office Sessions:=========================Error: (12/10/2013 04:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3319 seconds with 540 seconds of active time. This session ended with a crash. Error: (11/13/2013 10:40:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 671 seconds with 660 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2014-05-30 09:33:08.912 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 09:33:08.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 09:33:08.531 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 09:33:08.329 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 05:15:10.929 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 05:15:10.727 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 05:15:10.539 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-30 05:15:10.349 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-28 20:54:19.125 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-28 20:54:18.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 44%Total physical RAM: 4089.95 MBAvailable physical RAM: 2277.8 MBTotal Pagefile: 8381.17 MBAvailable Pagefile: 6402.59 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:197.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:4.72 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 298 GB) (Disk ID: ECD0E75A)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thank you.
  20. I had to "Attach" a couple of the logs as I got a message that "Posting" them all made the post too large. # AdwCleaner v3.210 - Report created 23/05/2014 at 19:01:08 # Updated 19/05/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) # Username : lafsa - LAFSA-PC # Running from : C:\Users\lafsa\Downloads\AdwCleaner (1).exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : Viewpoint Manager Service ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\Ask [!] Folder Deleted : C:\ProgramData\Viewpoint [!] Folder Deleted : C:\Program Files (x86)\Conduit [!] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility [!] Folder Deleted : C:\Users\lafsa\AppData\Local\apn [!] Folder Deleted : C:\Users\lafsa\AppData\Local\Conduit [!] Folder Deleted : C:\Users\lafsa\AppData\LocalLow\Conduit [!] Folder Deleted : C:\Users\lafsa\AppData\Roaming\DriverCure File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Google Chrome v34.0.1847.137 ************************* AdwCleaner[R0].txt - [5125 octets] - [23/05/2014 18:59:55] AdwCleaner[s0].txt - [4781 octets] - [23/05/2014 19:01:08] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4841 octets] ########## # AdwCleaner v3.211 - Report created 30/05/2014 at 09:10:04 # Updated 26/05/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) # Username : lafsa - LAFSA-PC # Running from : C:\Users\lafsa\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AppDataLow\Software ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Google Chrome v35.0.1916.114 ************************* AdwCleaner[R0].txt - [6276 octets] - [23/05/2014 18:59:55] AdwCleaner[R1].txt - [5329 octets] - [24/05/2014 04:54:36] AdwCleaner[R2].txt - [1226 octets] - [27/05/2014 08:51:52] AdwCleaner[R3].txt - [1042 octets] - [27/05/2014 10:26:22] AdwCleaner[R4].txt - [1103 octets] - [27/05/2014 13:15:09] AdwCleaner[s0].txt - [5815 octets] - [23/05/2014 19:01:08] AdwCleaner[s1].txt - [4810 octets] - [24/05/2014 04:55:29] AdwCleaner[s2].txt - [1300 octets] - [27/05/2014 08:53:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5995 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista Home Premium x64 Ran by lafsa on Fri 05/30/2014 at 9:16:43.74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/30/2014 at 9:23:38.39 End of JRT log Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.05.30.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 lafsa :: LAFSA-PC [administrator] Protection: Enabled 5/30/2014 9:26:55 AM mbam-log-2014-05-30 (09-26-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 297439 Time elapsed: 4 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) FRST.txt second post.txt
  21. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02 Ran by lafsa at 2014-05-30 05:16:21 Run:1 Running from C:\Users\lafsa\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] () C:\ProgramData\PKP_DLdu.DAT C:\ProgramData\PKP_DLdw.DAT C:\Program Files\pcreg Task: {C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcreg\service.exe ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. pcregservice => Service deleted successfully. C:\ProgramData\PKP_DLdu.DAT => Moved successfully. C:\ProgramData\PKP_DLdw.DAT => Moved successfully. C:\Program Files\pcreg => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} => Key deleted successfully. C:\Windows\System32\Tasks\pcreg => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully. C:\Windows\Tasks\pcreg.job => Moved successfully. ==== End of Fixlog ==== ComboFix 14-05-29.01 - lafsa 05/30/2014 5:29.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2232 [GMT -4:00] Running from: c:\users\lafsa\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-30 ))))))))))))))))))))))))))))))) . . 2014-05-30 09:40 . 2014-05-30 09:40 -------- d-----w- c:\users\SingleClick Admin\AppData\Local\temp 2014-05-30 09:40 . 2014-05-30 09:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-24 21:47 . 2014-05-24 21:47 -------- dc----w- c:\program files (x86)\ERUNT 2014-05-24 06:40 . 2014-05-24 08:39 -------- d-----w- c:\users\lafsa\AppData\Local\CrashDumps 2014-05-24 02:09 . 2014-05-24 02:09 -------- dc----w- c:\program files\CCleaner 2014-05-24 00:06 . 2014-05-28 12:12 -------- d-----w- c:\windows\ERUNT 2014-05-24 00:03 . 2014-05-24 08:38 -------- dc----w- c:\program files\HitmanPro 2014-05-24 00:01 . 2014-05-27 15:12 -------- dc----w- c:\programdata\HitmanPro 2014-05-23 23:19 . 2014-05-23 23:19 -------- dc----w- c:\programdata\GridinSoft 2014-05-23 23:14 . 2014-05-23 23:14 -------- dc----w- c:\program files (x86)\GridinSoft Trojan Killer 2014-05-23 23:00 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-05-23 22:59 . 2014-05-27 17:15 -------- dc----w- C:\AdwCleaner 2014-05-22 22:40 . 2014-05-22 22:40 -------- d-----w- c:\windows\system32\WindowsPowerShell 2014-05-17 19:19 . 2014-05-23 17:59 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-14 12:58 . 2014-05-06 00:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-14 12:58 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-14 12:58 . 2014-05-06 00:46 17847808 ----a-w- c:\windows\system32\mshtml.dll 2014-05-14 12:58 . 2014-05-06 00:21 96768 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-14 10:54 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll 2014-05-10 16:19 . 2001-08-18 02:43 24576 ------w- c:\windows\SysWow64\msxml3a.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-27 17:33 . 2014-02-22 23:27 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-14 13:05 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe 2014-05-02 12:56 . 2011-03-25 07:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2014-03-11 13:52 . 2010-10-25 02:25 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-03-08 04:06 . 2014-04-09 13:31 10926592 ----a-w- c:\windows\system32\ieframe.dll 2014-03-08 03:49 . 2014-04-09 13:31 2334720 ----a-w- c:\windows\system32\jscript9.dll 2014-03-08 03:41 . 2014-04-09 13:31 1347072 ----a-w- c:\windows\system32\urlmon.dll 2014-03-08 03:40 . 2014-04-09 13:31 1392128 ----a-w- c:\windows\system32\wininet.dll 2014-03-08 03:39 . 2014-04-09 13:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-08 03:38 . 2014-04-09 13:31 237056 ----a-w- c:\windows\system32\url.dll 2014-03-08 03:37 . 2014-04-09 13:31 85504 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-08 03:34 . 2014-04-09 13:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-08 03:34 . 2014-04-09 13:31 816640 ----a-w- c:\windows\system32\jscript.dll 2014-03-08 03:33 . 2014-04-09 13:31 599040 ----a-w- c:\windows\system32\vbscript.dll 2014-03-08 03:32 . 2014-04-09 13:31 729088 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-08 03:32 . 2014-04-09 13:31 2147840 ----a-w- c:\windows\system32\iertutil.dll 2014-03-08 03:24 . 2014-04-09 13:31 248320 ----a-w- c:\windows\system32\ieui.dll 2014-03-07 23:12 . 2014-04-09 13:31 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-07 23:02 . 2014-04-09 13:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-07 23:02 . 2014-04-09 13:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-07 22:57 . 2014-04-09 13:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-07 22:56 . 2014-04-09 13:32 421376 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-12-07 02:31 . 2013-12-07 02:31 49940480 -c--a-w- c:\program files (x86)\GUTFD68.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-5-28 14936064] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-23 23:26 1091912 -c--a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 13:15] . 2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 13:15] . . --------- X64 Entries ----------- . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mLocal Page = c:\windows\system32\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: LastPass - file://c:\users\lafsa\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\users\lafsa\AppData\LocalLow\LastPass\context.html?cmd=fillforms TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql] "ImagePath"="C:/mysql/bin/mysqld.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}] "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Completion time: 2014-05-30 05:43:52 ComboFix-quarantined-files.txt 2014-05-30 09:43 . Pre-Run: 212,229,652,480 bytes free Post-Run: 212,224,270,336 bytes free . - - End Of File - - 5B4D96CC8AEA10E83CCFACFC030BB964 CDB4DE4BBD714F152979DA2DCBEF57EB
  22. Here are the reports you requested: www.malwarebytes.org Database version: v2014.05.28.09 Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421lafsa :: LAFSA-PC [administrator] Protection: Enabled 5/28/2014 8:44:13 PMmbam-log-2014-05-28 (20-44-13).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 295950Time elapsed: 5 minute(s), 51 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02Ran by lafsa (administrator) on LAFSA-PC on 28-05-2014 20:52:33Running from C:\Users\lafsa\DownloadsPlatform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\sdclt.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [] => [X]HKLM\...\Policies\Explorer: [HideSCAHealth] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\SingleClick Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cabTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xmlFF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-09]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-26]FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: =======Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTIONCHR Extension: (YouTube) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]CHR Extension: (Google Search) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]CHR Extension: (Cloud Reader) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-01-26]CHR Extension: (Gmail) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()S2 CLKMSVC10_1628BCEA; "C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe" /svc [X]S2 MySql; C:/mysql/bin/mysqld.exe [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)S1 Beep; No ImagePathS3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [35840 2009-04-11] (Microsoft Corporation)S4 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-05-27] ()S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [269824 2006-05-16] (HP)S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2006-08-25] (HP)S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [33280 2006-05-16] (HP)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2008-12-19] (McAfee, Inc.)R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 btwaudio; system32\drivers\btwaudio.sys [X]S3 btwavdt; system32\drivers\btwavdt.sys [X]S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 20:52 - 2014-05-28 20:52 - 00013126 _____ () C:\Users\lafsa\Downloads\FRST.txt2014-05-28 20:51 - 2014-05-28 20:52 - 00000000 ___DC () C:\FRST2014-05-28 20:51 - 2014-05-28 20:51 - 02066944 _____ (Farbar) C:\Users\lafsa\Downloads\FRST64.exe2014-05-28 08:12 - 2014-05-28 08:12 - 00001299 ____C () C:\DelFix.txt2014-05-28 08:07 - 2014-05-28 20:40 - 00017641 _____ () C:\Windows\WindowsUpdate.log2014-05-28 07:40 - 2014-05-28 07:40 - 00000000 ____D () C:\Users\lafsa\Downloads\erunt2014-05-28 04:44 - 2014-05-28 04:44 - 01686759 _____ () C:\Users\lafsa\Downloads\PSTools.zip2014-05-28 04:40 - 2014-05-28 04:42 - 00000000 ___DC () C:\Program Files (x86)\LastPass2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass2014-05-28 04:38 - 2014-05-28 04:38 - 14936064 _____ (LastPass) C:\Users\lafsa\Downloads\lastpass_x64.exe2014-05-27 13:33 - 2014-05-27 13:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\lafsa\Downloads\mbar-1.07.0.1009 (1).exe2014-05-27 11:14 - 2014-05-27 11:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-05-27 11:12 - 2014-05-27 11:12 - 00002352 _____ () C:\Windows\system32\.crusader2014-05-25 20:30 - 2014-05-25 20:30 - 04995904 _____ (Systweak Inc ) C:\Users\lafsa\Downloads\rcpafterdownloadt_ad_28137_t3.exe2014-05-24 17:59 - 2014-05-24 18:35 - 00000000 ___DC () C:\Qoobox2014-05-24 17:47 - 2014-05-24 18:31 - 00000000 ____D () C:\Windows\ERDNT2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ___DC () C:\Program Files (x86)\ERUNT2014-05-24 02:40 - 2014-05-24 04:39 - 00000000 ____D () C:\Users\lafsa\AppData\Local\CrashDumps2014-05-23 22:09 - 2014-05-23 22:09 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ___DC () C:\Program Files\CCleaner2014-05-23 22:08 - 2014-05-23 22:08 - 04748896 _____ (Piriform Ltd) C:\Users\lafsa\Downloads\ccsetup414.exe2014-05-23 22:04 - 2014-05-23 22:04 - 00831968 _____ () C:\Users\lafsa\Downloads\CCleaner_Setup.exe2014-05-23 20:06 - 2014-05-28 08:12 - 00000000 ____D () C:\Windows\ERUNT2014-05-23 20:03 - 2014-05-24 04:38 - 00000000 ___DC () C:\Program Files\HitmanPro2014-05-23 20:01 - 2014-05-27 11:12 - 00000000 ___DC () C:\ProgramData\HitmanPro2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ___DC () C:\ProgramData\GridinSoft2014-05-23 19:17 - 2014-05-28 08:13 - 00000000 ___DC () C:\Program Files\pcreg2014-05-23 19:17 - 2014-05-28 08:04 - 00000270 _____ () C:\Windows\Tasks\pcreg.job2014-05-23 19:17 - 2014-05-28 08:00 - 00002900 _____ () C:\Windows\System32\Tasks\pcreg2014-05-23 19:14 - 2014-05-25 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ___DC () C:\Program Files (x86)\GridinSoft Trojan Killer2014-05-23 19:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-05-23 18:59 - 2014-05-27 13:15 - 00000000 ___DC () C:\AdwCleaner2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.02014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell2014-05-22 18:37 - 2014-05-22 18:38 - 07536640 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl2014-05-22 18:37 - 2014-05-22 18:38 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf2014-05-22 18:37 - 2014-05-22 18:38 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx2014-05-18 15:21 - 2014-05-18 15:21 - 00921512 _____ (Oracle Corporation) C:\Users\lafsa\Downloads\chromeinstall-7u55 (1).exe2014-05-17 15:19 - 2014-05-23 13:59 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-14 08:58 - 2014-05-05 20:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-14 08:58 - 2014-05-05 20:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-14 08:58 - 2014-05-05 20:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-14 08:58 - 2014-05-05 19:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-14 08:58 - 2014-05-05 19:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-14 08:58 - 2014-05-05 19:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-14 06:54 - 2014-03-25 12:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-05-14 06:54 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-05-10 12:19 - 2001-08-17 22:43 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll ==================== One Month Modified Files and Folders ======= 2014-05-28 20:52 - 2014-05-28 20:52 - 00013126 _____ () C:\Users\lafsa\Downloads\FRST.txt2014-05-28 20:52 - 2014-05-28 20:51 - 00000000 ___DC () C:\FRST2014-05-28 20:51 - 2014-05-28 20:51 - 02066944 _____ (Farbar) C:\Users\lafsa\Downloads\FRST64.exe2014-05-28 20:40 - 2014-05-28 08:07 - 00017641 _____ () C:\Windows\WindowsUpdate.log2014-05-28 20:36 - 2011-08-27 09:16 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-28 20:35 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-28 20:35 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-05-28 20:35 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-05-28 09:46 - 2009-06-30 22:37 - 00000012 _____ () C:\Windows\bthservsdp.dat2014-05-28 09:46 - 2006-11-02 11:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-05-28 09:46 - 2006-11-02 11:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-05-28 09:24 - 2011-08-27 09:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-28 08:13 - 2014-05-23 19:17 - 00000000 ___DC () C:\Program Files\pcreg2014-05-28 08:12 - 2014-05-28 08:12 - 00001299 ____C () C:\DelFix.txt2014-05-28 08:12 - 2014-05-23 20:06 - 00000000 ____D () C:\Windows\ERUNT2014-05-28 08:04 - 2014-05-23 19:17 - 00000270 _____ () C:\Windows\Tasks\pcreg.job2014-05-28 08:00 - 2014-05-23 19:17 - 00002900 _____ () C:\Windows\System32\Tasks\pcreg2014-05-28 07:40 - 2014-05-28 07:40 - 00000000 ____D () C:\Users\lafsa\Downloads\erunt2014-05-28 07:38 - 2009-07-11 07:37 - 00000000 ___RD () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-28 04:44 - 2014-05-28 04:44 - 01686759 _____ () C:\Users\lafsa\Downloads\PSTools.zip2014-05-28 04:42 - 2014-05-28 04:40 - 00000000 ___DC () C:\Program Files (x86)\LastPass2014-05-28 04:42 - 2006-11-02 09:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass2014-05-28 04:38 - 2014-05-28 04:38 - 14936064 _____ (LastPass) C:\Users\lafsa\Downloads\lastpass_x64.exe2014-05-27 14:11 - 2014-02-22 19:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-05-27 13:33 - 2014-05-27 13:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\lafsa\Downloads\mbar-1.07.0.1009 (1).exe2014-05-27 13:33 - 2014-02-22 19:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-27 13:15 - 2014-05-23 18:59 - 00000000 ___DC () C:\AdwCleaner2014-05-27 11:14 - 2014-05-27 11:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys2014-05-27 11:14 - 2010-02-18 14:47 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Apps\2.02014-05-27 11:12 - 2014-05-27 11:12 - 00002352 _____ () C:\Windows\system32\.crusader2014-05-27 11:12 - 2014-05-23 20:01 - 00000000 ___DC () C:\ProgramData\HitmanPro2014-05-27 09:05 - 2011-05-17 06:20 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8901C488-680D-4A15-8FC2-EB9BDCA3FFC3}2014-05-26 08:04 - 2009-08-14 09:45 - 00000000 ____D () C:\Windows\Minidump2014-05-25 20:30 - 2014-05-25 20:30 - 04995904 _____ (Systweak Inc ) C:\Users\lafsa\Downloads\rcpafterdownloadt_ad_28137_t3.exe2014-05-25 16:15 - 2014-05-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft2014-05-24 18:41 - 2009-07-11 07:37 - 00000000 ____D () C:\Users\lafsa2014-05-24 18:35 - 2014-05-24 17:59 - 00000000 ___DC () C:\Qoobox2014-05-24 18:35 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default2014-05-24 18:31 - 2014-05-24 17:47 - 00000000 ____D () C:\Windows\ERDNT2014-05-24 18:29 - 2006-11-02 08:34 - 00000215 ____C () C:\Windows\system.ini2014-05-24 18:19 - 2009-07-01 00:38 - 00000000 ___DC () C:\DELL2014-05-24 18:19 - 2009-06-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell2014-05-24 18:18 - 2012-08-05 15:54 - 00000000 ___DC () C:\Program Files (x86)\Garmin2014-05-24 18:16 - 2013-04-03 22:01 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Garmin2014-05-24 18:16 - 2013-04-03 21:50 - 00000000 ___DC () C:\ProgramData\Garmin2014-05-24 18:16 - 2012-08-05 15:00 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Garmin2014-05-24 18:15 - 2009-07-16 10:02 - 00000000 ___DC () C:\Program Files (x86)\Google2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ___DC () C:\Program Files (x86)\ERUNT2014-05-24 04:39 - 2014-05-24 02:40 - 00000000 ____D () C:\Users\lafsa\AppData\Local\CrashDumps2014-05-24 04:38 - 2014-05-23 20:03 - 00000000 ___DC () C:\Program Files\HitmanPro2014-05-23 22:11 - 2009-07-11 11:55 - 00000000 ____D () C:\Users\lafsa\Tracing2014-05-23 22:09 - 2014-05-23 22:09 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ___DC () C:\Program Files\CCleaner2014-05-23 22:08 - 2014-05-23 22:08 - 04748896 _____ (Piriform Ltd) C:\Users\lafsa\Downloads\ccsetup414.exe2014-05-23 22:04 - 2014-05-23 22:04 - 00831968 _____ () C:\Users\lafsa\Downloads\CCleaner_Setup.exe2014-05-23 21:44 - 2009-11-28 21:12 - 00000000 ___DC () C:\Program Files (x86)\Nikon2014-05-23 21:44 - 2009-11-28 21:11 - 00000000 ___HC () C:\ProgramData\PKP_DLdu.DAT2014-05-23 21:44 - 2009-11-28 21:11 - 00000000 _____ () C:\Users\lafsa\AppData\Roaming\Calibrators2014-05-23 21:42 - 2009-06-30 22:49 - 00000000 ___DC () C:\ProgramData\CyberLink2014-05-23 21:42 - 2009-06-30 22:38 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information2014-05-23 21:37 - 2009-06-30 22:38 - 00000000 ___DC () C:\Program Files\Dell2014-05-23 20:12 - 2011-01-02 14:12 - 00000258 _RSHC () C:\ProgramData\ntuser.pol2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ___DC () C:\ProgramData\GridinSoft2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ___DC () C:\Program Files (x86)\GridinSoft Trojan Killer2014-05-23 18:10 - 2014-03-10 14:27 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit2014-05-23 16:27 - 2006-11-02 11:21 - 00393808 _____ () C:\Windows\system32\FNTCACHE.DAT2014-05-23 16:15 - 2009-07-11 07:37 - 00106080 _____ () C:\Users\lafsa\AppData\Local\GDIPFONTCACHEV1.DAT2014-05-23 14:58 - 2009-08-30 18:09 - 00007728 _____ () C:\Users\lafsa\AppData\Local\d3d9caps.dat2014-05-23 14:01 - 2009-07-11 10:52 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Apple Computer2014-05-23 13:59 - 2014-05-17 15:19 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-23 13:59 - 2011-12-17 15:30 - 00000000 ___DC () C:\Program Files (x86)\iTunes2014-05-23 13:58 - 2012-02-10 11:22 - 00000000 ___DC () C:\Program Files\iPod2014-05-23 13:54 - 2009-06-30 22:32 - 00000000 ___DC () C:\Program Files (x86)\Java2014-05-23 13:53 - 2009-06-30 23:01 - 00000000 ___DC () C:\Program Files (x86)\Creative2014-05-23 13:50 - 2010-05-06 16:31 - 00000000 ____D () C:\ProgramData\SMART Technologies2014-05-23 13:45 - 2014-04-03 08:32 - 00000000 ___DC () C:\Program Files (x86)\ResMed2014-05-23 13:42 - 2009-11-28 21:14 - 00000000 ___HC () C:\ProgramData\PKP_DLdw.DAT2014-05-23 13:42 - 2009-11-28 21:14 - 00000000 _____ () C:\Users\lafsa\AppData\Roaming\Channel2014-05-23 13:37 - 2009-07-24 13:08 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox2014-05-23 13:36 - 2014-03-02 09:14 - 00000000 ___DC () C:\Program Files (x86)\QuickTime2014-05-23 13:31 - 2010-10-14 06:18 - 00000000 ___DC () C:\Program Files (x86)\NTID2014-05-23 13:28 - 2009-07-11 10:48 - 00000000 ___DC () C:\ProgramData\Apple2014-05-23 13:07 - 2009-07-23 17:38 - 00061102 ____C () C:\ProgramData\hpzinstall.log2014-05-23 13:03 - 2009-07-23 17:37 - 00000000 ____D () C:\ProgramData\HP2014-05-23 12:59 - 2009-07-23 17:42 - 00000000 ___DC () C:\Program Files (x86)\HP2014-05-23 12:40 - 2009-06-30 22:40 - 00000000 ___DC () C:\ProgramData\Adobe2014-05-23 12:40 - 2009-06-30 22:40 - 00000000 ___DC () C:\Program Files (x86)\Adobe2014-05-23 12:36 - 2009-07-16 10:07 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Google2014-05-23 10:13 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache2014-05-22 18:43 - 2009-10-29 14:28 - 00000000 ____D () C:\Windows\pss2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.02014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell2014-05-22 18:38 - 2014-05-22 18:37 - 07536640 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl2014-05-22 18:38 - 2014-05-22 18:37 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf2014-05-22 18:38 - 2014-05-22 18:37 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx2014-05-22 10:37 - 2006-11-02 08:46 - 00723270 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-18 15:28 - 2013-11-03 08:41 - 00000000 ____D () C:\ProgramData\Oracle2014-05-18 15:21 - 2014-05-18 15:21 - 00921512 _____ (Oracle Corporation) C:\Users\lafsa\Downloads\chromeinstall-7u55 (1).exe2014-05-14 09:09 - 2009-06-30 22:58 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-14 09:07 - 2013-08-14 21:50 - 00000000 ____D () C:\Windows\system32\MRT2014-05-14 09:05 - 2006-11-02 08:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2014-05-10 12:19 - 2009-07-30 10:14 - 00000000 ___DC () C:\Program Files (x86)\Audible2014-05-08 22:19 - 2011-08-27 09:16 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 22:19 - 2011-08-27 09:16 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-08 11:49 - 2009-07-16 14:07 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Adobe2014-05-05 20:46 - 2014-05-14 08:58 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-05 20:21 - 2014-05-14 08:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-05 20:21 - 2014-05-14 08:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-05 19:32 - 2014-05-14 08:58 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-05 19:14 - 2014-05-14 08:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-05 19:14 - 2014-05-14 08:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-02 18:43 - 2014-02-27 13:29 - 00000000 ____D () C:\Users\SingleClick Admin2014-05-02 18:43 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc2014-05-02 18:43 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration2014-05-02 18:43 - 2006-11-02 08:33 - 94109696 _____ () C:\Windows\system32\config\software_previous2014-05-02 18:43 - 2006-11-02 08:33 - 28835840 _____ () C:\Windows\system32\config\system_previous2014-05-02 18:39 - 2006-11-02 08:33 - 54525952 _____ () C:\Windows\system32\config\components_previous2014-05-02 18:39 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous2014-05-02 12:14 - 2006-11-02 08:33 - 00786432 _____ () C:\Windows\system32\config\default_previous2014-05-02 12:14 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous2014-04-29 19:45 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions Files to move or delete:====================C:\ProgramData\PKP_DLdu.DATC:\ProgramData\PKP_DLdw.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-28 20:42 ==================== End Of Log ============================ RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits versionStarted in : Normal modeUser : lafsa [Admin rights]Mode : Scan -- Date : 05/28/2014 21:04:28| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤[Address] EAT @explorer.exe (DllCanUnloadNow) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77968F34)[Address] EAT @explorer.exe (DllGetClassObject) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77968FF0)[Address] EAT @explorer.exe (FastMimeGetFileExtension) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x7794B720)[Address] EAT @explorer.exe (FastMimeGetIsMimeFilterEnabled) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77945B20)[Address] EAT @explorer.exe (FastMimeLookupKnownType) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77945A68)[Address] EAT @explorer.exe (FastMimeSetIsMimeFilterEnabled) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77945FD8)[Address] EAT @explorer.exe (IEGetFrameUtilExports) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77968DD0)[Address] EAT @explorer.exe (IEGetProcessModule) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77968DB0)[Address] EAT @explorer.exe (IEGetTabWindowExports) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77968DC0)[Address] EAT @explorer.exe (IERT_DelayLoadFailureHook) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x779691B0)[Address] EAT @explorer.exe (ImpersonateUser) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77970C98)[Address] EAT @explorer.exe (LCIECalculatePackedStringSize) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x7795B5A4)[Address] EAT @explorer.exe (LCIEPackString) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x7795B684)[Address] EAT @explorer.exe (LCIEUnpackString) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x7795B520)[Address] EAT @explorer.exe (ResetIEExtensibility) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77971CF0)[Address] EAT @explorer.exe (ResetIERegistrySettings) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77971AE0)[Address] EAT @explorer.exe (RevertImpersonate) : WININET.dll -> HOOKED (C:\Windows\system32\iertutil.dll @ 0x77970D18)[Address] EAT @explorer.exe (DllCanUnloadNow) : XmlLite.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0xFD00459C)[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0xFD0045C8)[Address] EAT @explorer.exe (DllMain) : XmlLite.dll -> HOOKED (C:\Windows\System32\SndVolSSO.dll @ 0xFD00457C)[Address] EAT @explorer.exe (BCryptAddContextFunction) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC2594C)[Address] EAT @explorer.exe (BCryptAddContextFunctionProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC26340)[Address] EAT @explorer.exe (BCryptCloseAlgorithmProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC124FC)[Address] EAT @explorer.exe (BCryptConfigureContext) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC255B8)[Address] EAT @explorer.exe (BCryptConfigureContextFunction) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25F14)[Address] EAT @explorer.exe (BCryptCreateContext) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25128)[Address] EAT @explorer.exe (BCryptCreateHash) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC144BC)[Address] EAT @explorer.exe (BCryptDecrypt) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC13484)[Address] EAT @explorer.exe (BCryptDeleteContext) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC252C8)[Address] EAT @explorer.exe (BCryptDeriveKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14124)[Address] EAT @explorer.exe (BCryptDestroyHash) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14904)[Address] EAT @explorer.exe (BCryptDestroyKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14338)[Address] EAT @explorer.exe (BCryptDestroySecret) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14420)[Address] EAT @explorer.exe (BCryptDuplicateHash) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14998)[Address] EAT @explorer.exe (BCryptDuplicateKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14270)[Address] EAT @explorer.exe (BCryptEncrypt) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC13168)[Address] EAT @explorer.exe (BCryptEnumAlgorithms) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12564)[Address] EAT @explorer.exe (BCryptEnumContextFunctionProviders) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC26718)[Address] EAT @explorer.exe (BCryptEnumContextFunctions) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25CDC)[Address] EAT @explorer.exe (BCryptEnumContexts) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25454)[Address] EAT @explorer.exe (BCryptEnumProviders) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12970)[Address] EAT @explorer.exe (BCryptEnumRegisteredProviders) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25050)[Address] EAT @explorer.exe (BCryptExportKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC13770)[Address] EAT @explorer.exe (BCryptFinalizeKeyPair) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC130F8)[Address] EAT @explorer.exe (BCryptFinishHash) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14860)[Address] EAT @explorer.exe (BCryptFreeBuffer) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12C44)[Address] EAT @explorer.exe (BCryptGenRandom) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15034)[Address] EAT @explorer.exe (BCryptGenerateKeyPair) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12FE0)[Address] EAT @explorer.exe (BCryptGenerateSymmetricKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12EEC)[Address] EAT @explorer.exe (BCryptGetFipsAlgorithmMode) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC27250)[Address] EAT @explorer.exe (BCryptGetProperty) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12C70)[Address] EAT @explorer.exe (BCryptHashData) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC1481C)[Address] EAT @explorer.exe (BCryptImportKey) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC139BC)[Address] EAT @explorer.exe (BCryptImportKeyPair) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC13ADC)[Address] EAT @explorer.exe (BCryptOpenAlgorithmProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC120F0)[Address] EAT @explorer.exe (BCryptQueryContextConfiguration) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC2574C)[Address] EAT @explorer.exe (BCryptQueryContextFunctionConfiguration) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC260E0)[Address] EAT @explorer.exe (BCryptQueryContextFunctionProperty) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC26BB0)[Address] EAT @explorer.exe (BCryptQueryProviderRegistration) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC24E00)[Address] EAT @explorer.exe (BCryptRegisterConfigChangeNotify) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC26E38)[Address] EAT @explorer.exe (BCryptRegisterProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC24A74)[Address] EAT @explorer.exe (BCryptRemoveContextFunction) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC25B20)[Address] EAT @explorer.exe (BCryptRemoveContextFunctionProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC2653C)[Address] EAT @explorer.exe (BCryptResolveProviders) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC27030)[Address] EAT @explorer.exe (BCryptSecretAgreement) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14000)[Address] EAT @explorer.exe (BCryptSetAuditingInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15510)[Address] EAT @explorer.exe (BCryptSetContextFunctionProperty) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC2699C)[Address] EAT @explorer.exe (BCryptSetProperty) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC12E2C)[Address] EAT @explorer.exe (BCryptSignHash) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14AF0)[Address] EAT @explorer.exe (BCryptUnregisterConfigChangeNotify) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC26F50)[Address] EAT @explorer.exe (BCryptUnregisterProvider) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC24CBC)[Address] EAT @explorer.exe (BCryptVerifySignature) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC14DE4)[Address] EAT @explorer.exe (GetAsymmetricEncryptionInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15400)[Address] EAT @explorer.exe (GetCipherInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15364)[Address] EAT @explorer.exe (GetHashInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC153D0)[Address] EAT @explorer.exe (GetRngInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC155E8)[Address] EAT @explorer.exe (GetSecretAgreementInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15490)[Address] EAT @explorer.exe (GetSignatureInterface) : ncrypt.dll -> HOOKED (C:\Windows\system32\bcrypt.dll @ 0xFDC15410) ¤¤¤ External Hives: ¤¤¤-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320421ASG ATA Device +++++--- User ---[MBR] 18ba7263226a027ee89824789d471ca2[bSP] 35d795a8da2df7ea9c1836bfe839d26b : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 MBUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_05282014_210428.txt >> Thank you Addition.txt
  23. My sister has given me her laptop and see if Malwarebytes can resolve a recurring problem. She is a subscriber to Malwarebytes Anti-Malware Pro. For the past several days whenever she runs a full scan a variety of “PUPS” come up. One day over 70 appeared. Most troublesome is that one PUP in particular keeps coming up even if it is found; sent to quarantine; system is rebooted and a full scan is done immediately afterwards the same PUP appears as an infection yet again. A mbam log report of earlier this morning shows the offensive PUP: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.05.27.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 lafsa :: LAFSA-PC [administrator] Protection: Enabled 5/28/2014 4:29:30 AM mbam-log-2014-05-28 (04-29-30).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 440079 Time elapsed: 1 hour(s), 32 minute(s), 2 second(s) Memory Processes Detected: 2 C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3396 -> Delete on reboot. C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3384 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0M84K10\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully. (end) Her laptop is: Dell Studio XPS 1640 [Vista]; 64 bit operating system. Any assistance you can provide will be greatly appreciated. Thank you
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.