Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Sorry for the delay! I have run Malwarebytes Anti-Rootkit. After the scan, it says: "Congratulations, no cleanup is required!". I guess that is why I can only find the system-log.txt file in the MBAR folder, but not the mbar-log.txt file.

Thanks a lot for your time

FriZin

system-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6351798272, free: 4882042880

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6351798272, free: 4892184576

Downloaded database version: v2014.02.24.03
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     02/24/2014 12:55:28
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800815a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006edb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800815a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007fdb9e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800815a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006edb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3C977812

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 169869312

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 170076160 Numsec = 1247318016

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1417394176 Numsec = 47753216

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
- 22 replies
-
- Windows 7
- Run-time error 50003
- (and 3 more)
-
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-14 14:31:47
-----------------------------
14:31:47.682 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:47.697 Number of processors: 4 586 0x2A07
14:31:47.697 ComputerName: PALOMA-PC UserName: Paloma
14:31:48.196 Initialize success
14:34:01.590 AVAST engine defs: 14021401
14:34:10.170 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:34:10.186 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 3
14:34:10.311 Disk 0 MBR read successfully
14:34:10.311 Disk 0 MBR scan
14:34:10.326 Disk 0 unknown MBR code
14:34:10.357 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:34:10.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 82944 MB offset 206848
14:34:10.389 Disk 0 Partition - 00 0F Extended LBA 609042 MB offset 170076160
14:34:10.420 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23317 MB offset 1417394176
14:34:10.498 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 609041 MB offset 170078208
14:34:10.638 Disk 0 scanning C:\windows\system32\drivers
14:34:50.418 Service scanning
14:35:52.694 Modules scanning
14:35:53.224 Disk 0 trace - called modules:
14:35:53.240 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:35:53.255 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800813d060]
14:35:53.271 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062c2050]
14:35:53.739 AVAST engine scan C:\windows
14:36:04.175 AVAST engine scan C:\windows\system32
14:45:01.109 AVAST engine scan C:\windows\system32\drivers
14:45:19.814 AVAST engine scan C:\Users\Paloma
14:48:54.252 AVAST engine scan C:\ProgramData
14:53:33.791 Scan finished successfully
15:05:27.167 Disk 0 MBR has been saved successfully to "C:\Users\Paloma\Desktop\MBR.dat"
15:05:27.167 The log file has been saved successfully to "C:\Users\Paloma\Desktop\aswMBR.txt"

FriZin

P.S.: is there any way of changing my username from "Frizinkerq" to "Frizinker"?
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
I couldn't... Could this program help? http://www.dependencywalker.com/ Of course, I don't know how to use it... Thanks! FriZin
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
I have updated my flash to version 12.0.0.44, but the run-time error keeps popping up (image attached). I cannot run MBAM. I have done some research and found out that this error may be related to a dll-file-chaos in my computer, but I am unable to pin down which dll files are causing the problem: https://forums.malwarebytes.org/index.php?showtopic=104494 Thanks for your help. FriZin
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Thank you, Ron!

FriZin

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 7.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader XI
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
I have followed your instructions, but I have made a mistake. I have accidentally deleted the Fixlog.txt (I thought it was the fixlist.txt that I didn't need anymore...). Thus, I have run FRST64 again. Here is the log of that second run:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2014
Ran by Paloma at 2014-02-07 08:35:02 Run:2
Running from C:\Users\Paloma\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
KCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/?p...kyp&ocid=skydhp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
C:\ProgramData\pclunst.exe
C:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Paloma\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
"C:\ProgramData\pclunst.exe" => File/Directory not found.
"C:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\Paloma\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

==== End of Fixlog ====
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Here is the log (FRST.txt) of the Farbar Recovery Scan Tool. The tool did not generate the Addition.txt... Thanks!

FriZin

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014
Ran by Paloma (administrator) on PALOMA-PC on 06-02-2014 20:43:55
Running from C:\Users\Paloma\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 9
Boot Mode: Normal
C:\windows\SysWOW64\vm3dgl.dll2014-01-28 19:59 - 2014-01-28 19:59 - 00219248 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dum.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01047552 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71u.dll2014-01-28 19:56 - 2014-01-28 20:12 - 00063088 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00606208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstime.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00053360 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLib.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00050800 _____ (VMware, Inc.) C:\windows\SysWOW64\vmhgfs.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00034416 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLibJava.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\corpol.dll2014-01-28 19:35 - 2014-01-28 19:35 - 00000000 ____D () C:\ProgramData\Weskysoft2014-01-28 19:28 - 2014-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\DLLSuite2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\windows\ERUNT2014-01-28 18:40 - 2014-01-28 18:40 - 00102912 _____ (Microsoft Corporation) C:\windows\SysWOW64\vb6stkit.dll2014-01-28 18:38 - 2014-01-28 18:38 - 01355776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvbvm50.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-28 18:22 - 2014-01-28 18:22 - 00002986 _____ () 
C:\windows\System32\Tasks\{45CB59DC-D832-4782-846C-F3EB176B2537}2014-01-28 18:21 - 2014-01-28 18:21 - 00002986 _____ () C:\windows\System32\Tasks\{3289EEA8-1FD0-4B6B-9F07-8C2D94F3A841}2014-01-28 18:20 - 2014-01-28 18:20 - 00002986 _____ () C:\windows\System32\Tasks\{B11F8FFC-F73B-4D0D-BEFD-5DE92E89C2C7}2014-01-28 17:25 - 2013-04-05 11:21 - 05067472 _____ (PC Cleaners) C:\windows\uninst.exe2014-01-15 16:54 - 2014-01-15 17:06 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-01-15 16:54 - 2014-01-15 17:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-01-15 16:54 - 2014-01-15 16:56 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\windows\system32\Macromed2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\ProgramData\McAfee2014-01-15 16:42 - 2014-01-15 16:42 - 00000000 ____D () C:\ProgramData\PC Drivers Headquarters2014-01-15 16:12 - 2014-01-15 16:12 - 00003128 _____ () C:\windows\System32\Tasks\{E0E2DC5D-BFD0-459E-B1AC-C8C2A563DC50}2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Sun2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Oracle2014-01-15 15:34 - 2014-01-15 16:40 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Downloaded Installations2014-01-15 14:25 - 2014-01-15 14:24 - 06345936 _____ (PC Cleaners) C:\ProgramData\pclunst.exe2014-01-15 13:38 - 2014-01-15 13:38 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC ==================== One Month Modified Files and Folders ======= 2014-02-06 20:44 - 2014-02-06 20:43 - 00010173 _____ () C:\Users\Paloma\Desktop\FRST.txt2014-02-06 20:43 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST-OlderVersion2014-02-06 20:43 - 2014-02-06 19:19 - 02079744 _____ (Farbar) C:\Users\Paloma\Desktop\FRST64.exe2014-02-06 20:43 - 2014-02-01 10:13 - 00000000 ____D () C:\FRST2014-02-06 20:30 - 
2012-01-21 21:10 - 00001114 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771593470-3012635902-189330645-1001UA.job2014-02-06 19:21 - 2014-01-28 21:42 - 00000000 ____D () C:\Users\Paloma\AppData\Local\CrashDumps2014-02-06 19:20 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-06 19:20 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-06 19:17 - 2014-02-06 19:17 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-06 19:17 - 2011-10-12 02:49 - 00145300 _____ () C:\windows\system32\perfc00A.dat2014-02-06 19:17 - 2011-10-12 02:49 - 00019236 _____ () C:\windows\system32\perfh00A.dat2014-02-06 19:17 - 2009-07-14 06:13 - 00889912 _____ () C:\windows\system32\PerfStringBackup.INI2014-02-06 19:16 - 2012-09-16 16:30 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Dropbox2014-02-06 19:15 - 2012-09-16 16:34 - 00000000 ___RD () C:\Users\Paloma\Dropbox2014-02-06 19:12 - 2014-02-03 21:03 - 00000448 _____ () C:\windows\setupact.log2014-02-06 19:12 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-02-06 15:27 - 2014-02-05 22:33 - 00000000 ____D () C:\Users\Paloma\Downloads\Imprimir2014-02-06 07:23 - 2014-02-06 07:20 - 02347384 _____ (ESET) C:\Users\Paloma\Desktop\esetsmartinstaller_enu.exe2014-02-06 07:14 - 2014-02-06 07:14 - 00001061 _____ () C:\Users\Paloma\Desktop\AdwCleaner[s3].txt2014-02-06 07:12 - 2011-12-26 19:28 - 01887751 _____ () C:\windows\WindowsUpdate.log2014-02-06 07:11 - 2014-02-06 07:07 - 00000000 ____D () C:\AdwCleaner2014-02-06 01:59 - 2014-02-06 01:59 - 00011264 _____ () C:\Users\Paloma\Desktop\JRT.txt2014-02-06 01:40 - 2014-02-06 00:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-06 01:40 - 2014-02-06 00:51 - 00000000 ____D () C:\Users\Paloma\Desktop\mbar2014-02-06 01:22 - 2014-02-06 00:59 - 00119000 _____ 
(Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-02-06 01:22 - 2014-02-06 00:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-02-06 00:57 - 2014-02-06 00:56 - 01166132 _____ () C:\Users\Paloma\Desktop\AdwCleaner.exe2014-02-06 00:55 - 2014-02-06 00:54 - 01037530 _____ (Thisisu) C:\Users\Paloma\Desktop\JRT.exe2014-02-06 00:50 - 2014-02-06 00:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paloma\Desktop\mbar-1.07.0.1009.exe2014-02-05 22:30 - 2012-01-21 21:10 - 00001062 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771593470-3012635902-189330645-1001Core.job2014-02-05 00:47 - 2014-02-05 00:42 - 00000000 ____D () C:\Users\Paloma\Desktop\RK_Quarantine2014-02-05 00:46 - 2014-02-05 00:46 - 00002094 _____ () C:\Users\Paloma\Desktop\RKreport[0]_S_02052014_004657.txt2014-02-05 00:42 - 2014-02-05 00:41 - 04380160 _____ () C:\Users\Paloma\Desktop\RogueKillerX64.exe2014-02-05 00:35 - 2014-02-05 00:35 - 00000902 _____ () C:\Users\Paloma\Desktop\NTREGOPT.lnk2014-02-05 00:35 - 2014-02-05 00:35 - 00000883 _____ () C:\Users\Paloma\Desktop\ERUNT.lnk2014-02-05 00:34 - 2014-01-29 03:58 - 00000000 ____D () C:\windows\erdnt2014-02-05 00:33 - 2014-02-05 00:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-05 00:30 - 2014-02-05 00:27 - 00002122 _____ () C:\Users\Paloma\Desktop\Rkill.txt2014-02-05 00:28 - 2014-02-05 00:28 - 00791393 _____ (Lars Hederer ) C:\Users\Paloma\Desktop\erunt-setup.exe2014-02-05 00:27 - 2014-02-05 00:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Paloma\Desktop\rkill.exe2014-02-04 23:56 - 2013-12-13 19:39 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\uTorrent2014-02-04 23:42 - 2014-02-04 23:41 - 00000000 ____D () C:\Users\Paloma\Downloads\Nueva carpeta2014-02-04 22:47 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF2014-02-04 20:41 - 2012-01-21 21:10 - 00002390 _____ () C:\Users\Paloma\Desktop\Google Chrome.lnk2014-02-04 00:16 - 2011-12-28 
22:22 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Skype2014-02-03 21:47 - 2014-02-03 21:47 - 00113928 _____ () C:\Users\Paloma\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-03 21:03 - 2014-02-03 21:03 - 00422896 _____ () C:\windows\system32\FNTCACHE.DAT2014-02-03 21:03 - 2014-02-03 21:03 - 00000000 _____ () C:\windows\setuperr.log2014-02-01 18:17 - 2014-02-01 18:17 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-01 10:31 - 2014-02-01 10:31 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files\iTunes2014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-02-01 10:30 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files\iPod2014-02-01 10:24 - 2014-02-01 10:24 - 00000000 ____D () C:\Users\Paloma\Desktop\Windows Repair2014-02-01 10:23 - 2014-02-01 10:22 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.Desktop.Exception.log2014-02-01 10:22 - 2014-02-01 10:22 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.DesktopHelper.Exception.log2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Skype2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Internet2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST642014-02-01 10:04 - 2011-12-26 19:05 - 00000000 ____D () C:\ProgramData\Apple2014-01-31 18:20 - 2014-01-31 18:20 - 00000021 _____ () C:\Users\Paloma\AppData\Roaming\mbam.context.scan2014-01-31 18:12 - 2014-01-31 18:12 - 00000000 ____D () 
C:\c01583f13b0614665f2014-01-31 17:52 - 2011-12-27 00:03 - 00000000 ____D () C:\Users\Paloma2014-01-31 17:51 - 2014-01-31 17:47 - 00002224 _____ () C:\windows\system32\ASOROSet.bin2014-01-31 17:51 - 2009-07-14 03:34 - 76021760 _____ () C:\windows\system32\config\SOFTWARE.bak2014-01-31 17:51 - 2009-07-14 03:34 - 22544384 _____ () C:\windows\system32\config\SYSTEM.bak2014-01-31 17:51 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak2014-01-31 17:48 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak2014-01-31 17:47 - 2014-01-31 17:46 - 00000000 ____D () C:\windows\system32\config\RCCBakup2014-01-31 17:21 - 2012-11-01 17:22 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEShims.dll2014-01-31 17:21 - 2012-11-01 17:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\IEShims.dll2014-01-31 15:33 - 2012-10-10 14:40 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2014-01-31 15:33 - 2012-10-10 14:40 - 00002560 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2014-01-31 15:32 - 2012-10-10 14:40 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2014-01-31 15:32 - 2012-10-10 14:40 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2014-01-31 15:30 - 2014-01-31 15:30 - 00096208 _____ () C:\windows\SysWOW64\vcomctl32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00051200 _____ () C:\windows\SysWOW64\vkernel32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00035328 _____ () C:\windows\SysWOW64\vuser32.dll2014-01-31 15:23 - 2014-01-31 15:23 - 00000000 ____D () C:\Users\Paloma\Documents\Visual Studio 20052014-01-31 14:07 - 2011-12-27 00:35 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-01-31 01:04 - 2011-10-11 11:46 - 00407040 _____ (Samsung Electronics) C:\windows\HotfixChecker.exe2014-01-31 01:04 - 2011-10-11 11:36 - 00003324 _____ () 
C:\windows\HotFixList.ini2014-01-31 01:03 - 2011-10-11 11:36 - 00345600 _____ (Samsung Electronics Co., Ltd.) C:\windows\SetLCDStretchMode.exe2014-01-31 00:54 - 2014-01-31 00:54 - 00000000 ____D () C:\63d26f454ba3a54ec38dc7872014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\ProgramData\ESET2014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\Program Files\ESET2014-01-30 20:13 - 2014-01-30 20:13 - 00000000 ____D () C:\Program Files (x86)\ESET NOD322014-01-30 19:53 - 2014-01-29 03:59 - 00000000 ____D () C:\Qoobox2014-01-30 19:36 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-01-29 11:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\com2014-01-29 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\oobe2014-01-29 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\com2014-01-29 10:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME2014-01-29 10:31 - 2014-01-28 23:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll2014-01-29 10:27 - 2010-11-21 04:23 - 03860992 _____ (Microsoft Corporation) C:\windows\system32\UIRibbon.dll2014-01-29 04:32 - 2012-01-22 16:22 - 00000000 ____D () C:\found.0002014-01-29 04:19 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default2014-01-29 04:11 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini2014-01-29 03:37 - 2014-01-29 03:26 - 00000000 ____D () C:\ProgramData\Package Cache2014-01-29 02:57 - 2014-01-29 02:57 - 00003276 _____ () C:\windows\System32\Tasks\{EA1A2A69-2609-4E55-ABAB-C698B64C2F24}2014-01-29 02:46 - 2012-01-21 21:10 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Deployment2014-01-28 20:24 - 2014-01-28 20:24 - 00832872 _____ (Macromedia, Inc.) 
C:\windows\system32\flash.ocx2014-01-28 20:24 - 2014-01-28 20:24 - 00608448 _____ (Microsoft Corporation) C:\windows\system32\comctl32.ocx2014-01-28 20:20 - 2014-01-28 20:12 - 00198656 _____ (Microsoft Corporation) C:\windows\comdlg32.ocx2014-01-28 20:20 - 2001-05-21 11:46 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Comdlg32.ocx2014-01-28 20:12 - 2014-01-28 19:56 - 00063088 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00606208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstime.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00053360 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLib.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00050800 _____ (VMware, Inc.) C:\windows\SysWOW64\vmhgfs.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00034416 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLibJava.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\corpol.dll2014-01-28 19:59 - 2014-01-28 19:59 - 03223152 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dgl.dll2014-01-28 19:59 - 2014-01-28 19:59 - 00219248 _____ (VMware, Inc.) 
C:\windows\SysWOW64\vm3dum.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01047552 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71u.dll2014-01-28 19:35 - 2014-01-28 19:35 - 00000000 ____D () C:\ProgramData\Weskysoft2014-01-28 19:28 - 2014-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\DLLSuite2014-01-28 19:17 - 2011-12-26 19:09 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-01-28 19:17 - 2011-10-12 02:28 - 00000000 ____D () C:\windows\MSetup2014-01-28 19:17 - 2011-02-11 20:57 - 00000000 ____D () C:\windows\Panther2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\windows\ERUNT2014-01-28 18:40 - 2014-01-28 18:40 - 00102912 _____ (Microsoft Corporation) C:\windows\SysWOW64\vb6stkit.dll2014-01-28 18:38 - 2014-01-28 18:38 - 01355776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvbvm50.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-28 18:24 - 2012-01-02 16:37 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Adobe2014-01-28 18:22 - 2014-01-28 18:22 - 00002986 _____ () C:\windows\System32\Tasks\{45CB59DC-D832-4782-846C-F3EB176B2537}2014-01-28 18:21 - 2014-01-28 18:21 - 00002986 _____ () C:\windows\System32\Tasks\{3289EEA8-1FD0-4B6B-9F07-8C2D94F3A841}2014-01-28 18:20 - 2014-01-28 18:20 - 00002986 _____ () C:\windows\System32\Tasks\{B11F8FFC-F73B-4D0D-BEFD-5DE92E89C2C7}2014-01-28 18:16 - 2011-02-11 20:56 - 00000000 ____D () 
C:\windows\Sec2014-01-28 18:16 - 2005-04-08 03:16 - 00000000 ___HD () C:\Users\Paloma\AppData\Roaming\501BB70B2014-01-28 17:36 - 2012-09-16 16:31 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-01-28 17:31 - 2011-12-26 18:08 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-01-28 17:31 - 2011-12-26 18:08 - 00000000 ____D () C:\Program Files\CCleaner2014-01-20 15:16 - 2012-01-13 18:55 - 00000000 ____D () C:\Users\Public\CyberLink2014-01-16 14:33 - 2012-02-18 18:38 - 00000000 ___HD () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-16 14:32 - 2012-09-16 16:34 - 00001021 _____ () C:\Users\Paloma\Desktop\Dropbox.lnk2014-01-15 17:06 - 2014-01-15 16:54 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-01-15 17:06 - 2014-01-15 16:54 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-01-15 17:04 - 2012-01-21 21:44 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe2014-01-15 17:02 - 2011-12-26 18:45 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-01-15 16:56 - 2014-01-15 16:54 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\windows\system32\Macromed2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\ProgramData\McAfee2014-01-15 16:52 - 2011-10-11 11:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-01-15 16:42 - 2014-01-15 16:42 - 00000000 ____D () C:\ProgramData\PC Drivers Headquarters2014-01-15 16:40 - 2014-01-15 15:34 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Downloaded Installations2014-01-15 16:12 - 2014-01-15 16:12 - 00003128 _____ () C:\windows\System32\Tasks\{E0E2DC5D-BFD0-459E-B1AC-C8C2A563DC50}2014-01-15 16:11 - 2011-12-27 00:04 - 00000000 ____D () C:\Users\Paloma\AppData\Local\VirtualStore2014-01-15 15:57 - 
2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Sun2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Oracle2014-01-15 14:24 - 2014-01-15 14:25 - 06345936 _____ (PC Cleaners) C:\ProgramData\pclunst.exe2014-01-15 14:02 - 2011-12-26 18:47 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-01-15 13:58 - 2012-01-21 21:46 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apple2014-01-15 13:41 - 2011-12-26 18:09 - 00001724 _____ () C:\Users\Public\Desktop\Defraggler.lnk2014-01-15 13:41 - 2011-12-26 18:09 - 00000000 ____D () C:\Program Files\Defraggler2014-01-15 13:38 - 2014-01-15 13:38 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC Files to move or delete:====================C:\ProgramData\pclunst.exe Some content of TEMP:====================C:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dllC:\Users\Paloma\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-31 22:07 ==================== End Of Log ============================- 22 replies
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Hello!

I could follow steps 3, 4 and 5, but I couldn't follow this one:

Once again, when I try to run Malwarebytes, a window pops up saying:

Run-time error 50003: Unexpected error

I have done some research and come to the conclusion that there is probably a .dll file conflict. Is that possible?

Steps 6 and 7 I haven't tried...

Thanks for your help!

FriZin

PS: here are the logs of steps 3, 4 and 5:

mbar-log (1)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paloma :: PALOMA-PC [administrator]

06/02/2014 0:59:48
mbar-log-2014-02-06 (00-59-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 269105
Time elapsed: 19 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Paloma\AppData\Roaming\Paloma-wchelper.dll (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

mbar-log (2)

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paloma :: PALOMA-PC [administrator]

06/02/2014 1:22:54
mbar-log-2014-02-06 (01-22-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 268905
Time elapsed: 17 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 6351798272, free: 5023084544

Downloaded database version: v2014.02.05.10
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/06/2014 00:59:37
------------ Loaded modules 
-----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800815c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 
0xfffffa800621e050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007fd59d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800621e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 3C977812 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 169869312 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 170076160 Numsec = 1247318016 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. 
Partition starts at LBA: 1417394176 Numsec = 47753216 Disk Size: 750156374016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Infected: C:\Users\Paloma\AppData\Roaming\Paloma-wchelper.dll --> [Trojan.Agent.Gen]Scan finishedCreating System Restore point...Cleaning up...Removal successful. No system shutdown is required.======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4675203072 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4674560000 =======================================Initializing...------------ Kernel report ------------ 02/06/2014 01:22:45------------ Loaded modules 
-----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\eamonm.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\s
ystem32\DRIVERS\ehdrv.sysC:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.datC:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\windows\system32\Drivers\SABI.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\ETD.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\Sy
stemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\SGdrv64.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp
.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\epfwwfpr.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\monitor.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\sechost.dll\Windows\System32\msctf.dll\Windows\System32\imm32.dll\Windows\System32\msvcrt.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\clbcatq.dll\Windows\System32\oleaut32.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\rpcrt4.dll\Windows\System32\ws2_32.dll\Windows\System32\shlwapi.dll\Windows\System32\imagehlp.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\gdi32.dll\Windows\System32\ole32.dll\Windows\System32\iertutil.dll\Windows\System32\difxapi.dll\Windows\System32\cfgmgr32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\comctl32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800815c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 
0xfffffa800621e050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007fd59d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800621e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 3C977812 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 169869312 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 170076160 Numsec = 1247318016 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. 
Partition starts at LBA: 1417394176 Numsec = 47753216 Disk Size: 750156374016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.1 (02.04.2014:1)OS: Windows 7 Home Premium x64Ran by Paloma on 06/02/2014 at 1:44:51,68~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweakSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweakSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pc1data"Successfully deleted: [Folder] "C:\ProgramData\speedypc software"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\drivercure"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\speedypc software"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\systweak"Successfully 
deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0144C472-A983-4A1A-88BF-6900D2535256}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0246C126-DB92-402F-ACB9-764669804EF1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{024B0AED-E9AE-4982-8CAE-83CB882EFC58}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{09A21E5C-9B37-49F7-B78A-97CF1E53444A}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{09B3BEC3-A315-467C-AE01-B3FB1CE92E1B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0EADD068-1EB9-4338-AAD3-01A67A332C2B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0F77ECBA-D1A2-4CCF-A226-3F81DE8EA04F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0FF2759D-E187-4469-B788-61B537F5FFE1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{117CCE8C-6E41-4E09-8331-42A83C69C604}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1321CACC-FF1B-4078-ADDF-7D10F25422F6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{13D3B3FD-DBB4-48E5-87CC-C63878F8186E}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{14FB862F-C90E-45CF-AC42-10762C9B4B15}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{15CDDEDA-B3EA-4514-A2C3-8CA355AA22A4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{15E23D3B-5CB2-4C30-AF05-0EC82EC089F3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1671E0D1-BFD7-46B0-84F4-1DED5CD58FFB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{16C9E32C-ED39-427D-A974-0EF1731BD581}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{16D4390B-5BF2-45C9-A43A-6EE685B193F5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{17F20DA6-663B-4728-A5F3-7C69556DC613}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{17FB98BB-0301-4CED-B9E8-C27816D7F26C}Successfully 
deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{183776F9-1395-41D8-B401-0F7FFFD3DCC8}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{18DF1DA3-0AD6-4059-B26A-01F380FDC302}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1B114862-858C-40F1-901B-3306CF74568F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1DCFDDC9-09CD-4A6B-97B1-E25A70F09C05}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1F3D0234-7A6E-4914-9AE2-FF461463835B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{21DB7ED2-DD19-45F3-995C-737BCB8F004C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{225A722D-6971-45B0-B165-9752811E35AF}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{22827EEB-4BD4-43DB-A437-257715B8C9EB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{26D1A887-6142-4610-9E5C-41508EF2D1C2}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{2BDB424D-EC84-4215-B526-566A84ECB1CE}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{2C974C5C-230E-4D5F-BCDB-27DDBD17A82B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{32112F48-68DD-4AC1-97D7-22A8A932FD44}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{33E87114-8E1D-4FE1-B2B3-3B48B187BBF0}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{342CCD5E-1800-475C-875E-AD9E85D28CF4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{3B334A8D-6F60-412D-8BB7-D859C72E713F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{3C52A13B-B88D-4357-A387-C04361F0FAF9}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4ABE686F-F2B9-480C-81BD-0E2E0EDD8547}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4E594D40-0FFF-41E4-BF39-2E3FC3246AD2}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4FEF50B1-34B9-4B58-96CD-1A0C3E26CE09}Successfully 
deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{51CA2985-14B9-4BC0-B3CB-3DD2DEE79089}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{53A3853D-CB01-48C6-A73C-B5D240327CB4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{5B224349-6BF4-4D0F-BC15-84653DB91E0C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{5B89678A-9D6D-4627-B53E-6B10D9F29E4D}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6242F0BC-4B41-4982-8251-BAC383E3C38C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6829388B-DFCE-4CEB-B0E0-F1A2A1EABDC3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6BD46E3A-6B22-47A7-B230-725D1DF7ABCF}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6E9BA5F9-67EA-49AA-8F99-DDB2ECE0D8A6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6F5DD0F5-6B55-47D4-A535-FB1ECF253EF1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{75448E5C-C7D1-4051-B5AA-512762F4571C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{792D9FA3-6EE9-4405-B970-F34F8417050B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{82925DD7-60CA-42A5-B3C5-8833D3CF787A}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{82EBFB42-06CC-497A-88A2-9E56CF8BF941}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{8E4BA94D-96EF-4571-BA60-ACD1CC7B64B4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{8EC6E596-BB83-4852-AB3A-24B717B01F23}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{904B6AE6-E7C1-40AD-AFBE-AD1AE3D6AFE5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{934847AF-E237-4A34-9A51-DC74FF86F600}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{940513B3-C32B-46E6-A7FF-A94888FCD634}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{96E20FF4-083F-46A4-A498-CB84D90DBD67}Successfully 
deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{994B7B37-C3A3-43F0-917B-685B1AEAE467}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{9C269EAF-CA8D-4D51-BADB-351D88B880E6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{9E05571F-25D6-4E8A-B819-3F6FB943BC8D}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A42CC830-641E-4DF2-B005-FAD0DB79316F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A6547E03-2C35-449F-ACA3-B36A8580B619}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A7CF4C00-3DD8-4CCA-91AD-8883EA4DAB55}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B1183F42-E330-46C4-8AB4-8115DC79B563}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B15C0BA4-6075-4F06-9BEF-0A4A8F39B378}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B4F37436-A265-41C2-A240-B4BD3167C351}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B7434E2F-9128-4B38-8720-C38DA05B8F5C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{BDC65DF5-B81C-431E-9FB4-71C13C8DDBC3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{C1650236-F267-4098-8ACE-037E47462C03}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{C491DA0C-DC9F-4452-BE01-4D9A493F89B3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{CA2A6187-BB96-4D99-AD11-909D4A458F3C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D0750E24-FB55-4D08-B2EA-DE76651B5BCB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D3C69B58-228B-4FE9-A05D-D683898381F7}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D6E7ACFF-9ACA-4E43-9A25-CA30FFC49786}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D92F7788-36DC-4707-878C-8E7C9A5F17E7}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{DDCF5FC7-B5F0-4E4F-AC8F-2496776D1296}Successfully 
deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E0F132D2-51BB-46FD-93FA-5FB52D7B0ED3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E2B82323-EE6B-4849-BE79-0620FA8A2A26}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E7EEEDA1-B2C1-45B9-AF5D-5D323C33758F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E8DF7AEE-A3A3-4983-BDD5-B825F19C0815}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E99D4C07-A442-4122-8566-5AB8A32C4FA8}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{EFB88BEE-3D7C-48A3-B477-E64483054DA5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F1D925A9-3EF6-450A-B9C7-F8ADF08F663B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F2B2244D-CA4C-4AA7-8F1D-E325F4134B1E}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F2DB2C41-85BD-4987-A4AC-575506950712}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F381DF12-DE2E-49E3-8087-F525D9AD8A96}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F8D4CF1B-1066-4855-A4D1-24ABFC729F05}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{FF3D1DD2-B5A8-48AB-9D5A-7DBA2D32B102}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{FFAE0B55-35E5-438F-8F13-0099EB269F32} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 06/02/2014 at 1:59:05,82End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner[s3].txt # AdwCleaner v3.018 - Reporte Creado 06/02/2014 en 07:11:22# Actualizado 28/01/2014 por Xplode# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)# Nombre de usuario : Paloma - PALOMA-PC# Ejecutado desde : C:\Users\Paloma\Desktop\AdwCleaner.exe# Opción : Limpiar ***** [ Servicios ] ***** ***** [ Archivos / Carpetas ] ***** Carpeta Borrar : C:\ProgramData\ParetoLogicCarpeta Borrar : 
C:\Program Files (x86)\ParetoLogicCarpeta Borrar : C:\Users\Paloma\AppData\Roaming\ParetoLogicArchivo Borrar : C:\windows\System32\roboot64.exe ***** [ Accesos directos ] ***** ***** [ Registro ] ***** ***** [ Navegadores ] ***** -\\ Internet Explorer v9.0.8112.16450 -\\ Google Chrome v [ Archivo : C:\Users\Paloma\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R3].txt - [1012 octets] - [06/02/2014 07:07:31]AdwCleaner[s3].txt - [923 octets] - [06/02/2014 07:11:22] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [982 octets] ##########- 22 replies
-
- Windows 7
- Run-time error 50003
- (and 3 more)
-
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Hi AdvancedSetup:

First of all, thanks a lot for your answer and sorry for having opened two topics. I just thought that the first one had gone unnoticed.

I have carefully followed the different steps. The only problem I had was that I couldn't download RogueKill (64) from the link you indicated, so I had to download it from this one: http://www.adlice.com/softwares/roguekiller/ I hope that's ok...

Here is the result:

RKill log

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/05/2014 12:27:56 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 02/05/2014 12:30:21 AM
Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)

RogueKill log

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paloma [Admin rights]
Mode : Scan -- Date : 02/05/2014 00:46:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HN-M750MBB +++++
--- User ---
[MBR] ee4483c8735edbf4e377026458a82e49
[bSP] 0de15382bf5a7dd7db113f8bb40a784c : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 82944 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 170076160 | Size: 609042 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417394176 | Size: 23317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02052014_004657.txt >>

Thanks!
FriZin
- 22 replies
-
- Windows 7
- Run-time error 50003
- (and 3 more)
-
Run-time error 50003 + several problems
Frizinker replied to Frizinker's topic in Resolved Malware Removal Logs
Hi everybody!

I am having the following problem: each time I try to run MBAM (free), a window pops up saying:

Run-time error '50003'
Unexpected error

I have already cleanly reinstalled MBAM following the MBAM Clean Removal Process, but the error message keeps popping up, so I cannot use my MBAM.

The computer is probably infected, since I have experienced other problems as well:
- Windows Update does not work: it is unable to download (and install) any updates
- I cannot update Internet Explorer (from IE 9 to IE 11)

My OS is Windows 7 Home Premium SP 1. I have run the DDS scan (logs are attached).

Any help is appreciated. Thank you!
FriZin

attach.txt dds.txt
- 22 replies
-
- Windows 7
- Run-time error 50003
- (and 3 more)
-
Thanks a lot for your answer. I have opened a new topic under "Malware Removal Help". FriZin
- 5 replies
-
- Windows 7
- Run-time error
-
(and 1 more)
Tagged with:
-
Hi everyone:

When I try to launch my Malwarebytes Anti-Malware, an error message pops up saying: "Run-time error '50003' Unexpected error". I have already cleanly reinstalled Malwarebytes Anti-Malware following the MBAM Clean Removal Process, but the message keeps popping up. I have also run the DDS scan (logs are attached).

According to Firefox (trusted advisor), there is much more going on than just a problem with MBAM, probably a malware infection. This makes sense to me, since I have also been experiencing the following problems:
- Windows Update does not work properly: although warning of new updates, it is unable to download (and install) those updates
- I cannot update Internet Explorer 9 to Internet Explorer 11

My OS is Windows 7 Home Premium SP 1. I am running the free version of MBAM.

Thanks!
FriZin

P.S.: is there any way of changing my MBAM user name from "Frizinkerq" to "Frizinker" (the q was a typo)?

attach.txt dds.txt
- 22 replies
-
- Windows 7
- Run-time error 50003
- (and 3 more)
-
Hello daledoc1: Thanks for your prompt response! I am running the free version. The clean reinstall with the MBAM Clean Removal Process did not work (the error window keeps popping up), so I ran the dds scan. Please find the logs attached. By the way, is there any way of changing my user name? I would like to slightly change it from "Frizinkerq" to "Frizinker" (the q is a typo). Thank you! FriZin attach.txt dds.txt
- 5 replies
-
- Windows 7
- Run-time error
-
(and 1 more)
Tagged with:
-
Hi everybody! When I try to launch my Malwarebytes Anti-Malware, an error message pops up saying: "Run-time error '50003' Unexpected error". My OS is Windows 7 Home Premium SP 1. Does anybody know a solution to this error? Thanks! FriZin
- 5 replies
-
- Windows 7
- Run-time error
-
(and 1 more)
Tagged with: