Showing results for tags 'zero access'.

Found 8 results
Dear Sirs, I am trying to clean up my father's computer, remotely, and have encountered trojan.0access. This computer does have premium MBAM, though before today it was the free version, so no scheduled scans. I read in a 0access cleanup thread on this site that there are specific steps to be taken and that the trojan can persist. I have run several MBAM (and ESET online and AdwCleaner) scans in the last 24 hours, removing 6-50 bad guys per scan, before MBAM found 0access. The last MBAM scan found no threats, but the computer is still dreadfully slow, compared to normal for this machine, and I do not think it is clean. I have read the 'I'm Infected' thread and am here posting the logs requested. Please advise as to how to remove this threat, and whether it is true that a 0access backdoor requires reformat/reinstallation of Windows, or replacement of the computer. Many Thanks, LH

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Roger (administrator) on ROGER-PC on 01-11-2014 15:28:57
Running from C:\Users\Roger\Downloads
Loaded Profile: Roger (Available profiles: Roger)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AOL Inc.) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\Common Files\aol\1179885413\ee\aolsoftware.exe
(AOL Inc.) C:\Program Files\Common Files\aol\1179885413\ee\aolupdates.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7a\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7a\shellmon.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [indexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [brMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [iSUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1179885413\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [sigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-26] (Google Inc.)
HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7a\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {597b1823-7ff0-4cd3-8095-9d8cba514992} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm003YYus&ptb=47EFD228-B441-428B-B365-2992C2B68D60&psa=&ind=2011092519&ptnrS=XNxdm003YYus&si=CPe5-9rFuasCFYw32godfBDLhQ&st=sb&n=77ded627&searchfor={searchTerms}
SearchScopes: HKLM - {9D4A53EC-0005-4263-BBA7-9DEF04D96ADA} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKCU - DefaultScope {B0858340-28FA-480A-BEB5-13A8B58D854B} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKCU - {597b1823-7ff0-4cd3-8095-9d8cba514992} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm003YYus&ptb=47EFD228-B441-428B-B365-2992C2B68D60&psa=&ind=2011092519&ptnrS=XNxdm003YYus&si=CPe5-9rFuasCFYw32godfBDLhQ&st=sb&n=77ded627&searchfor={searchTerms}
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111203&iesrc={referrer:source}
SearchScopes: HKCU - {B0858340-28FA-480A-BEB5-13A8B58D854B} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-20]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-20]
CHR Extension: (Safe Money) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-09-20]
CHR Extension: (Virtual Keyboard) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-09-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Anti-Banner) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-09-20]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-08-18]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-24] (SUPERAntiSpyware.com) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-01-15] (Apple, Inc.) [File not signed]
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2013-09-20] (McAfee, Inc.)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{c39078c0-a917-82ef-3e50-f6c6256a5159}\ \...\???\{c39078c0-a917-82ef-3e50-f6c6256a5159}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-20] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [127992 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2013-09-20] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-07-17] (McAfee, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 15:28 - 2014-11-01 15:29 - 00023130 _____ () C:\Users\Roger\Downloads\FRST.txt
2014-11-01 15:28 - 2014-11-01 15:29 - 00000000 ____D () C:\FRST
2014-11-01 15:27 - 2014-11-01 15:27 - 00180829 _____ () C:\Users\Roger\Downloads\2DE2.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00163877 _____ () C:\Users\Roger\Downloads\2DC0.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00150485 _____ () C:\Users\Roger\Downloads\2F21.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00129050 _____ () C:\Users\Roger\Downloads\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.html
2014-11-01 15:27 - 2014-11-01 15:27 - 00127639 _____ () C:\Users\Roger\Downloads\2DF3.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00113588 _____ () C:\Users\Roger\Downloads\2DB0.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00079618 _____ () C:\Users\Roger\Downloads\2E04.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00056879 _____ () C:\Users\Roger\Downloads\2DAF.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00045223 _____ () C:\Users\Roger\Downloads\2E67.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00030267 _____ () C:\Users\Roger\Downloads\2E24.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00025421 _____ () C:\Users\Roger\Downloads\2DD1.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00012576 _____ () C:\Users\Roger\Downloads\2E36.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00009336 _____ () C:\Users\Roger\Downloads\2EA9.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00008051 _____ () C:\Users\Roger\Downloads\2E78.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007306 _____ () C:\Users\Roger\Downloads\2E35.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F54.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F43.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F42.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F31.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F01.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00006287 _____ () C:\Users\Roger\Downloads\2E88.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00005869 _____ () C:\Users\Roger\Downloads\2E57.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00004077 _____ () C:\Users\Roger\Downloads\2EBA.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00004071 _____ () C:\Users\Roger\Downloads\2EEF.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00003017 _____ () C:\Users\Roger\Downloads\2EDE.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00002923 _____ () C:\Users\Roger\Downloads\2F00.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00002715 _____ () C:\Users\Roger\Downloads\2E25.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00002207 _____ () C:\Users\Roger\Downloads\2DE1.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00001201 _____ () C:\Users\Roger\Downloads\2ECD.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00001042 _____ () C:\Users\Roger\Downloads\3040.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000729 _____ () C:\Users\Roger\Downloads\2ECC.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000558 _____ () C:\Users\Roger\Downloads\2EBB.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000225 _____ () C:\Users\Roger\Downloads\2EDD.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000203 _____ () C:\Users\Roger\Downloads\2F55.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000129 _____ () C:\Users\Roger\Downloads\2EAA.tmp
2014-11-01 15:27 - 2014-11-01 15:27 - 00000000 ____D () C:\Users\Roger\Downloads\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum_files
2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\Program Files\Viewpoint
2014-11-01 13:26 - 2014-11-01 13:37 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7a
2014-11-01 13:15 - 2014-11-01 13:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Roger\Downloads\mbam_premium.exe
2014-11-01 11:35 - 2014-11-01 11:35 - 01105920 _____ (Farbar) C:\Users\Roger\Downloads\FRST.exe
2014-11-01 11:33 - 2014-11-01 11:34 - 14670424 _____ () C:\Users\Roger\Downloads\RogueKiller.exe
2014-11-01 11:27 - 2014-11-01 11:28 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Roger\Downloads\tdsskiller.exe
2014-11-01 05:16 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-01 05:16 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-01 05:16 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-01 05:16 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-01 05:15 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-01 05:15 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-01 05:15 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-01 04:58 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-01 04:35 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-01 04:22 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-01 03:18 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-01 03:18 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-01 02:23 - 2014-08-23 18:23 - 00068878 _____ () C:\Users\Roger\Downloads\Favorite Placesbak20140823.pfc
2014-11-01 01:34 - 2014-11-01 01:35 - 04977216 _____ (Piriform Ltd) C:\Users\Roger\Downloads\ccsetup419.exe
2014-11-01 01:11 - 2014-11-01 10:00 - 00000000 ____D () C:\AdwCleaner
2014-11-01 00:05 - 2014-10-18 10:54 - 01976320 _____ () C:\Users\Roger\Desktop\adwcleaner_4.000.exe
2014-10-31 18:03 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-31 18:03 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-31 18:03 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-31 18:03 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-31 18:03 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-31 18:03 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-31 18:03 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-31 18:03 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-31 18:03 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-31 18:03 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-31 18:03 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-31 18:03 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-10-31 18:03 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-10-31 18:03 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-31 18:03 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-31 18:03 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-31 18:03 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-31 18:03 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-31 18:03 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-31 18:03 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-31 18:03 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-31 18:03 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-31 18:03 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-31 18:03 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-31 18:02 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-31 18:02 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-31 18:02 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-31 18:02 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-31 18:02 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-31 18:02 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-31 18:02 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-31 18:02 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-31 18:02 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-31 18:02 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-31 18:02 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-31 18:02 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-31 18:02 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-31 18:02 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-31 18:02 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-31 18:02 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-31 18:02 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-31 18:02 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-31 18:02 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-31 18:02 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-31 18:02 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-31 18:01 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-31 18:01 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-31 18:01 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-31 18:01 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-31 18:01 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-31 18:01 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation)
C:\Windows\system32\Drivers\usbccgp.sys2014-10-31 18:01 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-10-31 18:01 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-10-31 18:01 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-10-31 18:00 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-10-31 18:00 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll2014-10-31 18:00 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2014-10-31 18:00 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll2014-10-31 18:00 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx2014-10-31 18:00 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll2014-10-31 18:00 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2014-10-31 18:00 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF2014-10-31 18:00 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe2014-10-31 18:00 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe2014-10-31 18:00 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-31 18:00 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2014-10-31 18:00 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll2014-10-31 18:00 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2014-10-31 18:00 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys2014-10-31 
18:00 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2014-10-31 18:00 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2014-10-31 18:00 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2014-10-31 18:00 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2014-10-31 17:58 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-10-31 16:53 - 2014-11-01 15:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-31 16:52 - 2014-11-01 09:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-31 16:52 - 2014-10-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-31 16:52 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-31 16:52 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-31 16:09 - 2014-10-31 16:09 - 00002181 _____ () C:\Users\Roger\Downloads\TrainingWithDrDavidEifrig.ics2014-10-31 13:57 - 2014-10-31 13:57 - 00000000 _____ () C:\Windows\EEventManager.INI2014-10-30 13:56 - 2014-10-30 13:56 - 00554554 _____ () C:\Users\Roger\Documents\CoverLetter-IndBroadway.zip2014-10-30 13:56 - 2014-10-30 13:56 - 00000000 ____D () C:\Users\Roger\Documents\CoverLetter-IndBroadway2014-10-27 21:06 - 2014-10-27 21:07 - 05279866 _____ () C:\Users\Roger\Documents\IMG_0520.mov2014-10-24 10:36 - 2014-10-24 10:36 - 00251599 _____ () C:\Users\Roger\Documents\DSCN1264.zip2014-10-24 10:36 - 2014-10-24 10:36 - 00000000 ____D () C:\Users\Roger\Documents\DSCN12642014-10-23 16:50 - 2014-10-23 16:50 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Leadertech2014-10-23 16:46 - 2014-11-01 14:46 - 00000917 _____ () C:\Windows\Tasks\EPSON WF-3640 
Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job2014-10-23 16:46 - 2014-11-01 14:46 - 00000731 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job2014-10-23 16:46 - 2014-10-23 16:46 - 00000000 ____D () C:\Program Files\Common Files\EPSON2014-10-23 16:44 - 2014-10-23 16:44 - 00000159 _____ () C:\Users\Public\Desktop\Epson WF-3640 User’s Guide.url2014-10-23 16:43 - 2014-10-30 13:43 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Epson2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\Program Files\EPSON Software2014-10-23 16:41 - 2014-10-23 16:41 - 00000000 ____D () C:\Program Files\EpsonNet2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll2014-10-23 16:39 - 2014-10-23 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON2014-10-23 16:39 - 2014-10-23 16:44 - 00000000 ____D () C:\Program Files\epson2014-10-23 16:39 - 2014-10-23 16:39 - 00000767 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk2014-10-23 16:39 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll2014-10-23 16:39 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe2014-10-23 16:39 - 2010-11-22 13:27 - 00147472 
_____ (TWAIN Working Group) C:\Windows\system32\twaindsm.dll2014-10-23 16:36 - 2013-10-22 04:04 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TLMBKDE.DLL2014-10-23 16:36 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BKDE.DLL2014-10-23 16:36 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL2014-10-23 16:35 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\EPSON2014-10-23 16:33 - 2014-10-23 16:50 - 00000081 _____ () C:\Windows\WF-3640.ini2014-10-22 17:00 - 2014-10-22 17:00 - 00031744 _____ () C:\Users\Roger\Documents\DIRADRS-updatedOct2014.xls2014-10-16 18:03 - 2014-10-16 18:03 - 00000000 _____ () C:\Users\Roger\Downloads\Minecraft_exe.jht790q.partial2014-10-10 22:26 - 2014-10-10 22:26 - 01422871 _____ () C:\Users\Roger\Downloads\October Adens2014-10-10 16:10 - 2014-10-10 16:11 - 00000000 ____D () C:\Users\Roger\Documents\MTGNOTIC_Oct20142014-10-10 16:10 - 2014-10-10 16:10 - 00038714 _____ () C:\Users\Roger\Documents\MTGNOTIC_Oct2014.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 15:23 - 2013-09-20 21:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-11-01 15:23 - 2012-10-11 07:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-01 14:57 - 2012-05-25 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-01 14:07 - 2013-09-20 08:21 - 01222376 _____ () C:\Windows\WindowsUpdate.log2014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-11-01 13:35 - 2011-07-12 10:57 - 00092990 _____ () C:\install.log2014-11-01 13:34 - 2013-10-14 21:44 - 00000805 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk2014-11-01 13:34 - 2013-10-14 21:44 - 00000749 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk2014-11-01 13:34 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\AOL2014-11-01 13:34 - 2007-05-22 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL2014-11-01 13:33 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aol2014-11-01 13:28 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Local\AOL2014-11-01 13:26 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aolshare2014-11-01 13:26 - 2007-05-22 20:38 - 00000000 ____D () C:\ProgramData\AOL2014-11-01 10:09 - 2006-11-02 06:33 - 00707604 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-01 10:03 - 2014-02-13 06:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job2014-11-01 10:03 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-01 10:02 - 2013-09-20 08:17 - 00013086 _____ () C:\Windows\PFRO.log2014-11-01 10:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\SchCache2014-11-01 10:01 - 2006-11-02 08:58 - 
00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-11-01 06:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache2014-11-01 06:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET2014-11-01 05:53 - 2006-11-02 08:44 - 00427712 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-01 03:59 - 2013-08-15 03:11 - 00000000 ____D () C:\Windows\system32\MRT2014-10-31 16:52 - 2013-08-21 15:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Malwarebytes2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-28 06:35 - 2009-10-03 01:44 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-27 17:35 - 2012-10-11 07:13 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-23 16:46 - 2013-09-21 18:17 - 00003228 _____ () C:\Windows\setupact.log2014-10-23 16:43 - 2007-05-16 03:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information2014-10-23 16:40 - 2007-05-22 18:21 - 00000000 ____D () C:\Users\Roger2014-10-23 16:39 - 2006-11-02 08:35 - 00000000 ____D () C:\Windows\twain_322014-10-13 07:29 - 2012-11-06 23:11 - 00000000 ____D () C:\Users\Roger\AppData\Local\CrashDumps2014-10-03 10:03 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exeZeroAccess:C:\Users\Roger\AppData\Local\Google\Desktop\InstallZeroAccess:C:\Program Files\Google\Desktop\Install Some content of TEMP:====================C:\Users\Roger\AppData\Local\Temp\AcsInstall.dllC:\Users\Roger\AppData\Local\Temp\Quarantine.exeC:\Users\Roger\AppData\Local\Temp\SHFOLDER.DLLC:\Users\Roger\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-01 10:09 ==================== End Of Log ============================ >>>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014 Ran by Roger at 2014-11-01 15:31:03Running from C:\Users\Roger\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11 - Innovative Solutions)AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - )AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}) (Version: 1.1.3.26 - Apple Inc.)Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)Brother MFL-Pro Suite MFC-490CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version: - )Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)Corel Snapfire Plus 
(HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.20 - BVRP Software, Inc)Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.42.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)Epson WF-3640 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )FileOpen Client Installer (HKLM\...\{39468292-5D68-4E93-9E09-5D9D5CA00E7A}) (Version: 3.0.6.878 - FileOpen Systems, Inc.)Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.3.1.518 - Foxit Software Company)Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Earth 
(HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.5 - Google Inc.) HiddenIntel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 
8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)Roxio Creator BDAV Plugin 
(HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)Software Updater (HKLM\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)Sonic Activation Module (Version: 1.0 - Sonic Solutions) HiddenswMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{22A04790-1951-4514-AF1D-BC94B8B63C70}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\MessageProtocolX.dll (Kaseya International Limited)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{392777B8-79C3-4E1B-8CA2-DB2F9AD4DF37}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\TaskManagerX.dll (Kaseya International Limited)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4218E1B5-2288-4189-807C-6CFA4C8C629B}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\EventLoggingX.dll (Kaseya International Limited)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{790ACEF7-453A-4713-99C8-8D09A9B60186}\InprocServer32 -> 
C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\CommandLineX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{96F86545-7514-4F4A-98F7-E26B36A9C50A}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\RegistryEditorX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{B8AAE7B6-87D4-4A2A-87E8-E4CAEF111E6D}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LiveConnectRelayX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{DC249AB2-0964-41F7-945F-AFC7039D7BA9}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\FileManagerX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F13EEFC9-D471-4824-8D54-8FA9F4FF587F}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\DesktopThumbnailX.ocx (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F6389D10-3244-4375-808A-1DFBC16317AE}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LocalUsersGroupsX.dll (Kaseya International Limited)

==================== Restore Points =========================

23-10-2014 02:30:47 Scheduled Checkpoint
23-10-2014 20:36:36 Device Driver Package Install: EPSON Printers
23-10-2014 20:39:54 Device Driver Package Install: EPSON Imaging devices
23-10-2014 20:40:34 Installed EpsonNet Print
23-10-2014 20:42:51 Installed FAX Utility
25-10-2014 04:00:04 Scheduled Checkpoint
26-10-2014 04:00:03 Scheduled Checkpoint
27-10-2014 04:00:05 Scheduled Checkpoint
28-10-2014 04:00:05 Scheduled Checkpoint
29-10-2014 04:00:05 Scheduled Checkpoint
30-10-2014 04:00:04 Scheduled Checkpoint
31-10-2014 04:00:04 Scheduled Checkpoint
01-11-2014 07:03:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2011-12-03 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FE05B7-25E9-40FC-9B68-FA17F941F2EE} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {347167BF-0C97-4610-ABC8-F005DF21F481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {364405BE-ADD2-4741-9CE3-F599D5F2363E} - System32\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {54E37598-CBA3-447E-B0D2-B386E9D0BB86} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7BAE8880-8351-4C00-818D-4FFA16A0F589} - System32\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {88E3E3DF-C1B1-4C14-ACD1-EADA186FEB28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {A629AA1D-8564-4F43-AEEF-16903D5DBE11} - System32\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-06-07 11:06 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2012-08-17 21:39 - 2013-09-20 22:03 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7a\zlib.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 21151232 _____ () C:\Program Files\AOL Desktop 9.7a\libcef.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7a\libglesv2.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7a\libegl.dll
2014-10-27 17:35 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 17:34 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Roger\Documents\Carsofthe50'sand60's-2-12.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: dsentu => "C:\Windows\System32\rundll32.exe" "C:\Users\Roger\AppData\Roaming\dsentu.dll",Optimize
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1179885413\ee\AOLSoftware.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: pcwauy => C:\Users\Roger\pcwauy.exe /w
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: rymuxhuxxick => C:\Users\Roger\rymuxhuxxick.exe
MSCONFIG\startupreg: suftattipmih => C:\Users\Roger\suftattipmih.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: sylsuwafepuj => C:\Users\Roger\sylsuwafepuj.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-192517801-774707061-2340149944-500 - Administrator - Disabled)
Guest (S-1-5-21-192517801-774707061-2340149944-501 - Limited - Disabled)
Roger (S-1-5-21-192517801-774707061-2340149944-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..
Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

System errors:
=============
Error: (11/01/2014 10:05:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/01/2014 10:03:20 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..

Error: (11/01/2014 10:03:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SASKUTIL

Error: (11/01/2014 10:03:17 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..

Error: (11/01/2014 10:01:05 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..
Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1290

Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (11/01/2014 09:54:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Center%%1314

Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows FirewallBase Filtering Engine%%1290

Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Microsoft Office Sessions:
=========================
Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

CodeIntegrity Errors:
===================================
Date: 2014-11-01 15:30:23.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:30:22.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-01 15:30:21.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:30:21.468
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:38.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:37.930
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:37.477
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:37.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:35.775
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:29:35.336
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 69%
Total physical RAM: 2045.21 MB
Available physical RAM: 628.52 MB
Total Pagefile: 4323.69 MB
Available Pagefile: 2023.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:68.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  2. Have exactly the same problem as this thread: https://forums.malwarebytes.org/index.php?showtopic=138412&hl=%2Bscorpion+%2Bsaver#entry765860 - My Malwarebytes is current and does find the scorpion saver, conduit, and worse - a zero access rootkit - but when I try to finish the process to do the removals - malwarebytes hangs when it gets to "Level Quality Watcher" (see attached screenshot). I have gone ahead and scanned using RogueKiller as directed in the referenced thread above, and the log is attached. Thanks in advance for your assistance. RKreport0_S_12202013_091726.txt
  3. Hello, I'm having the following problem. I can run most files in Safe Mode, but when I try to run files in Normal mode it throws an error "the specified service does not exist as an installed service". This happened after a ZeroAccess infection back in 2012. DDS logs are attached. Thank you, Pavel
  4. Hi, I've kinda been following other threads about how to handle these Trojans and what they can do. I also understand that each case is unique, so I would appreciate your help. I already have downloaded the necessary virus programs but ran ONLY my Malwarebytes and Chameleon, my McAfee (which I don't understand what I'm paying for if it can't catch these things), RogueKiller, and Farbar. The only anti-virus that I've downloaded to my desktop but have NOT run is ComboFix. I have ALL log files on hand, but PLEASE let me know if I'm ahead of myself or not following your instructions. I REALLY want my computer clean and I WILL donate via PayPal after we're done. THANK YOU in advance. Here is the RK log identifying the Rans. gendarm trojan; I however could not find any evidence of the ZeroAccess Trojan. Please advise.

RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Kat Cyganiak [Admin rights]
Mode : Scan -- Date : 01/07/2013 06:08:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][Rans.Gendarm] HKUS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes[...]\Run : Update (rundll32.exe "C:\Users\Kat Cyganiak\AppData\Roaming\Elluminate\Elluminate\mijimxh.dll",DllRegisterServer) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : SymInstallStub (C:\Users\KATCYG~1\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=5 /affid=rplr /desktopshortcut=1 /startmenushortcut=1 /launchedby=3) -> FOUND
[TASK][SUSP PATH] Norton Product InstallerIdle.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 -> FOUND
[TASK][SUSP PATH] Norton Product Installer.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND
[TASK][SUSP PATH] Norton Product Installer : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] eb6d0d160b40dc281d5f2801a0252f33
[BSP] 7dd49a80c8617bcaaa65ef71a28057c9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_01072013_02d0608.txt >>
RKreport[1]_S_01072013_02d0413.txt ; RKreport[2]_S_01072013_02d0608.txt
  5. Hi, my daughter's laptop, a heavily cluttered Win 7 laptop, is having major issues with updates failing, bluescreen on start up, no Action Center flag icon or notifications, and Defender & Firewall don't seem to exist anymore. She had Microsoft Security Essentials (now uninstalled by her) running; it detected 2 kinds of Sirefef, unsure what the end letters of it were, though MSE removed the Sirefef... Daughter has been trying to resolve the issues for long enough for her to think it's time for a new laptop LOL but has probably caused further damage attempting to make it work properly... PLEASE SOMEONE be brave & patient enough to try to help me get it back into some sort of usable state... also... I'm not great computer wise.... Would restoring it back to purchase date resolve this? Thanks..
  6. Hello, I seem to have a ZeroAccess rootkit on my machine and I think it happened after I foolishly clicked on a fake Flash updater. I have followed the instructions in a few other threads where the person is having the same trouble and will attach the files to this post. Any help is greatly appreciated. The only thing I didn't do from the steps in other threads was use the user-specific code and run ComboFix, since last time I did that I lost internet and never figured out how to get it back without a reformat. Attach.txt DDS.txt FRST.txt RKreport1.txt Search.txt
  7. Thank you in advance. I have been reading your posts for 3 days and based on an older previous forum thread from maddoktor (now Mr. Charlie) with the following post I thought I was being hacked and have changed all logins and passwords for all sensitive on-line accounts. I was ready tonight to reformat and re-install XP PRO and lose A LOT of important data. I thought that this was bad because it is blocking a root scan. So, is this normal?

7/18/2012 11:58:59 PM
mbam-log-2012-07-18 (23-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 210559

So, I have seen this many times in the forum and thought this was an indication that a Memory | Startup | Registry | File System had been disabled and I had a root/registry back door trojan. Now I think I may be OK. Please advise. This might be the easiest and most stupid post you have ever seen, but again, I am a little more than confused.
Here is the entire result:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.13

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Pedro :: PWEDRO-C0FE6EED [administrator]

7/18/2012 11:58:59 PM
mbam-log-2012-07-18 (23-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 210559
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

I love your product, but may just have not understood that:

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:

is normal. So, is it or maybe I'm not! Thanks, gapxppro
  8. Somehow got ZeroAccess on my work laptop; McAfee detected it and deleted 6 files, but then I could not get to the internet through the air card or wifi. I am a contractor to a govt agency; the laptop has SafeBoot on the MBR, and although I have admin rights, they do not extend to the boot. I had made an image with True Image, but could not restore the disk because of SafeBoot, so had to FedEx the laptop to IT support in another state. I was able to copy all my data to an ext USB HDD, and had used a USB mem flash drive as well. I copied some data from the ext HDD to my personal laptop, but when I clicked remove device, the internal HDD access light flashed on and off for a long time, I never got the "safe to remove" message for the ext HDD, and the icon for remove hardware was greyed and could not be clicked. I have scanned everything with AVG (installed on my laptop) and Malwarebytes Anti-Malware and superantivirus and no problems found. (1) What products should I use to scan and protect the ext HDD and flash drive, to make sure I don't end up with the same problem on my personal laptop, or personal desktop? (2) Is there any way to image C and restore C on the work laptop (Win XP Pro) when I have no rights or control over the MBR or SafeBoot? Any help or assistance will be greatly appreciated - gredhead