
Showing results for tags 'appdata'.


Found 6 results

  1. Hey guys, I got notified on mbam that an update.exe was trying to connect to a porn site, specifically jdsr16888.info. I removed it; it was in the appdata location and it had like a Firefox logo and Firefox files when I never installed it. What do I do?
  2. Every day, I receive the same notification for the same PUP to be quarantined. I don't use Chrome and haven't done for some time. I did have a file with old Firefox settings stored on my desktop, but I have shredded that. I am at a loss as to why these PUPs keep recurring.
  3. When I run RKILL a portion of the report reads: “WMPNetworkSvc [Missing Service]”
     For the past few days whenever I run JRT a portion of the report reads:
     [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     [C:\Users\Lewis\WMPNetworkSvc [Missing Service]\User Data\Default\Secure Preferences] - Extensions Deleted: []
     Am I infected? My Laptop is a Dell N5110; Windows 7 Home Premium 64 Bit. Thank you
  4. OK, the above tags are some of the folders contained within the bogus User folders, which all lead to a group of identical files that I suspect to be malicious. Anyways, initially I had started searching for a way to remove some adware that continually reinstalls itself after removing it from Chrome extensions. Later discovered that in IE11, the same extensions were greyed out and unable to be disabled, much less deleted. Found the file location and tried to remove them this way, but seems they're still lurking somewhere. Whilst hunting for these I came across these suss user folders and their contents. Tried to delete these and have come to realise I've probably made my job harder. Tried uninstalling things but there wasn't a lot in the way of programs to remove. Tried Malwarebytes as it came up frequently as supposedly being able to remove the adware I was dealing with. Removed a bunch of other stuff, but not what I wanted gone, so here I am. Found this post, and admin had said at the end to start a new topic rather than post to the closed thread, but I think it's the same or at least a very similar problem.
     https://forums.malwarebytes.org/index.php?/topic/148493-rogue-administrator-file-created-has-comodo-etc-and-malware-not-catching-these-in-scan-or/page-5 Saved FRST to desktop
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 16-06-2014 14:45:13 Windows Update17-06-2014 10:09:22 Windows Update04-07-2014 18:42:47 Windows Update21-07-2014 05:18:48 Windows Update21-07-2014 15:14:07 Windows Update25-07-2014 13:22:38 Windows Update26-07-2014 16:35:12 Windows Update30-07-2014 14:50:11 Windows Update07-08-2014 15:16:07 Windows Update13-08-2014 01:49:26 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B71D762-77DC-4DB0-AE88-451FDA7D521C} - System32\Tasks\UpdaterEX => C:\Users\Glenn\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {3FEAA9E6-F035-4CF7-A591-DA199125B34A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: {9664631B-1899-4DC0-90AD-85032A988A9A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2707335387-3578575701-2918986647-1000Task: {9749C3D0-4CF2-4665-A859-CB6CC5F213D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: {D4503B26-078A-46A0-8DB5-246EF5697434} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)Task: {D4BC3C22-12BC-4A28-817B-EE118BCB0001} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Glenn\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-11-17 13:16 - 2010-11-17 13:16 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-14 18:09 - 2010-05-21 13:14 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll2014-06-04 12:29 - 2014-05-14 07:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-06-04 12:29 - 2014-05-14 07:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-06-04 12:29 - 2014-05-14 07:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-06-04 12:29 - 2014-05-14 07:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-06-04 12:29 - 2014-05-14 07:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll2014-07-21 17:01 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/14/2014 00:49:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/14/2014 00:02:24 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 11:30:33 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 11:22:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 10:04:24 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 08:56:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 07:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: 
(08/13/2014 03:04:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 01:45:11 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 09:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: WSARecvMsg failed (10038) System errors:=============Error: (08/14/2014 00:50:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (08/14/2014 00:48:14 AM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0x00000116 (0xfffffa8005bed4e0, 0xfffff8800403acb0, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP081414-17799-01 Error: (08/14/2014 00:48:09 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 12:46:35 AM on ‎8/‎14/‎2014 was unexpected. Error: (08/14/2014 00:03:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (08/14/2014 00:00:43 AM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0x00000116 (0xfffffa8003fe9010, 0xfffff88004025cb0, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP081414-16660-01 Error: (08/14/2014 00:00:40 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 11:58:40 PM on ‎8/‎13/‎2014 was unexpected. 
Error: (08/13/2014 11:31:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (08/13/2014 11:22:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (08/13/2014 11:21:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (08/13/2014 11:21:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions:=========================Error: (08/14/2014 00:49:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/14/2014 00:02:24 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 11:30:33 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 11:22:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 10:04:24 PM) (Source: 
WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 08:56:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 07:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 03:04:19 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 01:45:11 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/13/2014 09:49:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: WSARecvMsg failed (10038) ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHzPercentage of memory in use: 58%Total physical RAM: 3931.61 MBAvailable physical RAM: 1614.91 MBTotal Pagefile: 7861.4 MBAvailable Pagefile: 5324.79 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.91 GB) (Free:102.91 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 73C473C4)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - 
(Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Hope this helps
Cheers Riddz
  5. I just performed a quick scan using the 'Malwarebytes Anti-Malware' software's pro version. 12 malicious objects were detected at the end of the scan. Some of the supposedly malicious contents included system files such as 'explorer.exe' and 'iexplorer.exe'. Here is the log of the scan (my computer name has been removed for security reasons):

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.01.25.06

     Windows 8 x64 NTFS
     Internet Explorer 11.0.9600.16476
     Daksh Shah :: <removed by me> [administrator]

     Protection: Enabled

     25-01-2014 10:45:21
     MBAM-log-2014-01-25 (10-53-55).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 292356
     Time elapsed: 7 minute(s), 7 second(s)

     Memory Processes Detected: 1
     C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> 4368 -> No action taken.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 5
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPLORER.EXE (Spyware.Password) -> No action taken.
     HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
     HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
     HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
     HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.

     Registry Values Detected: 2
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 7
     C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> No action taken.
     C:\Users\Daksh\Systeminfo\iexplorer.exe (Spyware.Password) -> No action taken.
     C:\Users\Daksh\AppData\Local\Temp\utt9312.tmp (PUP.Optional.OpenCandy) -> No action taken.
     C:\Users\Daksh\AppData\Local\Temp\uttE3CB.tmp (PUP.Optional.OpenCandy) -> No action taken.
     C:\Users\Daksh\Downloads\9DBB.tmp (PUP.Optional.GoForFiles.A) -> No action taken.
     C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.
     C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.

     (end)

     Kindly advise at the earliest whether I should remove all the malware detected above or only some of them. Will it be safe to do so?
  6. Hello. Recently, whenever I log into my account on my computer, I receive a system error saying "Could not load C:\Users\Jonah\AppData\Local\ATI\APPS\dhzixr.dll". I researched this, and figured out that dhzixr.dll is a malicious file, and most likely Malwarebytes went ahead and deleted it during the scan. However, the malware that I seem to have been infected with must have added the dll to my registry right after Malwarebytes got to it. In my ATI folder, I do not have an APPS folder. I was almost thinking of creating a new folder, and creating an empty file called dhzixr.dll to stop the warning prompt on each log in, but I wanted to solve the problem, not cover it up. My computer is Win7, it's a shared computer and this warning does not happen on anyone else's account on this computer. So, I'm here to ask you guys what is the smartest thing to do? Remove the dll from my registry (never used regedit.exe, I would need help with this)? Do a special type of scan? Spam some other forum with my problems? Any help would be appreciated. If you need any more information and/or specs I would be happy to supply them. Thank you and have a nice day.