Jump to content

Mariposa Infection?


Recommended Posts

Hey MBAM forums, I work tech support for housing at a university. We have a secure network where if a resident has an infection on their computer, our system quarantines them until it can be removed. Usually we can remove viruses no problem using MalwareBytes Anti-Malware, but recently we have been getting a hit labeled as a Mariposa infection and we currently cannot detect with any tools we have used.

I know that Mariposa is an old botnet infection, but it has since been shut down. There are also quite a few antivirus and anti malware programs that scan for Mariposa specifically, but nothing is found on the machines I have scanned.

Here is the DDS report:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Jerry at 17:35:14 on 2012-08-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.3656 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\windows\system32\mfevtps.exe

C:\windows\SysWOW64\PnkBstrA.exe

C:\windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\Explorer.EXE

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\windows\WebCam\S6000\S6000Mnt.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\SafeConnect\scManager.sys

C:\Program Files (x86)\SafeConnect\SCClient.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\mcafee\VirusScan\mcods.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mStart Page = hxxp://lenovo.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120825152302.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [s6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 10.2.1.174

TCP: Interfaces\{12CA5FA7-C721-45FE-9ABB-683AC1A36A31} : DhcpNameServer = 128.227.47.6 128.227.47.7

TCP: Interfaces\{3165BEE5-5B35-410F-B568-A721EA0D3DDB} : DhcpNameServer = 10.2.1.174

TCP: Interfaces\{3165BEE5-5B35-410F-B568-A721EA0D3DDB}\576696E666F6 : DhcpNameServer = 128.227.47.70

TCP: Interfaces\{3165BEE5-5B35-410F-B568-A721EA0D3DDB}\93458474144554 : DhcpNameServer = 93.188.161.105 93.188.166.105

TCP: Interfaces\{3165BEE5-5B35-410F-B568-A721EA0D3DDB}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120825152302.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [s6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\aliya8fg.default\

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Jerry\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]

R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-15 361984]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-4-10 199304]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-4-10 210616]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]

R2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [2012-4-10 454656]

R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]

R3 NMgamingmsFltr;USB Optical Mouse;C:\windows\system32\drivers\NMgamingms.sys --> C:\windows\system32\drivers\NMgamingms.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 S6000KNT;S6000KNT_WebCam Driver;C:\windows\system32\Drivers\S6000KNT.sys --> C:\windows\system32\Drivers\S6000KNT.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]

R3 vproiah;vproiah;C:\windows\system32\DRIVERS\vproiah.sys --> C:\windows\system32\DRIVERS\vproiah.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-25 250568]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 136176]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-4-10 225216]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-24 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-27 22:23:41 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76FE79C8-E5C6-41EB-B56C-9B430F8667AD}\offreg.dll

2012-08-27 21:02:47 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D85E3FCB-1497-431E-855E-DDFE03AE1D41}\gapaengine.dll

2012-08-27 21:02:42 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76FE79C8-E5C6-41EB-B56C-9B430F8667AD}\mpengine.dll

2012-08-27 21:00:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-08-27 21:00:19 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-08-27 21:00:01 -------- d-----w- C:\803c1486597b38adaf

2012-08-27 12:29:01 -------- d-----w- C:\Users\Jerry\AppData\Local\Macromedia

2012-08-26 15:38:37 -------- d-----w- C:\Users\Jerry\AppData\Local\Chromium

2012-08-26 15:37:25 3953632 ----a-w- C:\windows\SysWow64\GameMon.des

2012-08-26 15:37:11 5265 ----a-w- C:\windows\SysWow64\nppt9x.vxd

2012-08-26 15:37:11 4774 ----a-w- C:\windows\SysWow64\npptNT2.sys

2012-08-26 15:37:06 -------- d-----w- C:\Program Files\Common Files\INCA Shared

2012-08-26 13:12:11 27848 ----a-w- C:\windows\System32\drivers\vproiah.sys

2012-08-26 13:12:11 -------- d-----w- C:\ProgramData\IAHGames

2012-08-26 13:12:11 -------- d-----w- C:\Program Files (x86)\IAHgames

2012-08-26 06:09:14 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-08-26 06:09:14 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0

2012-08-26 06:09:09 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-08-26 06:09:08 3130440 ----a-w- C:\windows\SysWow64\pbsvc_blr.exe

2012-08-26 06:08:52 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-08-26 06:07:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-08-26 03:59:36 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-26 03:59:36 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-08-25 19:23:02 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2012-08-25 03:19:17 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-08-25 03:19:15 -------- d-----w- C:\Program Files (x86)\Steam

2012-08-20 21:50:07 -------- d-----w- C:\Users\Jerry\AppData\Roaming\Malwarebytes

2012-08-20 21:49:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-20 21:49:14 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-08-20 21:49:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-20 15:29:59 -------- d-----w- C:\Users\Jerry\AppData\Local\Adobe

2012-08-16 07:07:01 552960 ----a-w- C:\windows\System32\drivers\bthport.sys

2012-08-16 01:59:47 503808 ----a-w- C:\windows\System32\srcore.dll

2012-08-16 01:59:47 43008 ----a-w- C:\windows\SysWow64\srclient.dll

2012-08-16 01:59:41 751104 ----a-w- C:\windows\System32\win32spl.dll

2012-08-16 01:59:41 559104 ----a-w- C:\windows\System32\spoolsv.exe

2012-08-16 01:59:41 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2012-08-16 01:59:40 67072 ----a-w- C:\windows\splwow64.exe

2012-08-16 01:59:09 59392 ----a-w- C:\windows\System32\browcli.dll

2012-08-16 01:59:09 136704 ----a-w- C:\windows\System32\browser.dll

2012-08-16 01:59:08 41984 ----a-w- C:\windows\SysWow64\browcli.dll

2012-08-16 01:59:05 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-08-16 01:59:02 956928 ----a-w- C:\windows\System32\localspl.dll

2012-08-14 22:58:13 -------- d-----w- C:\Users\Jerry\AppData\Local\Diagnostics

2012-08-14 12:37:02 -------- d--h--w- C:\Users\Jerry\AppData\Roaming\RPPrivate

2012-08-13 18:14:36 -------- d-----r- C:\Users\Jerry\Podcasts

2012-08-11 22:10:38 -------- d-----w- C:\Users\Jerry\AppData\Roaming\raidcall

2012-08-11 22:10:28 -------- d-----w- C:\Program Files (x86)\RaidCall

2012-08-03 12:00:18 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

.

==================== Find3M ====================

.

2012-07-06 02:06:30 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-07-06 02:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-06-06 12:49:52 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll

.

============= FINISH: 17:35:50.94 ===============

and here is Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/19/2012 11:32:49 PM

System Uptime: 8/26/2012 11:37:00 PM (42 hours ago)

.

Motherboard: LENOVO | | Torpedo

Processor: AMD A6-3420M APU with Radeon™ HD Graphics | Socket FS1 | 1500/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 422 GiB total, 351.85 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 26.882 GiB free.

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP19: 8/26/2012 2:08:02 AM - Installed NVIDIA PhysX

RP20: 8/26/2012 2:10:34 AM - Windows Update

RP21: 8/26/2012 3:00:12 AM - Windows Update

RP22: 8/27/2012 3:00:12 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Aleks 3.18

Alliance of Valiant Arms

AMD VISION Engine Control Center

Blacklight: Retribution

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combat Arms

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Energy Management

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

Java™ 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Lenovo EasyCamera

Lenovo Games Console

Lenovo OneKey Recovery

Lenovo YouCam

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee AntiVirus Plus

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Nexon Game Manager

NVIDIA PhysX

Onekey Theater

ooVoo

Power2Go

PowerXpressHybrid

PunkBuster Services

RaidCall

Ralink RT2860 Wireless LAN Card

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

RealUpgrade 1.1

SafeConnect

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Steam

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

UserGuide

VeriFace

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

8/28/2012 5:35:18 PM, Error: Service Control Manager [7016] - The Ralink UPnP Media Server service has reported an invalid current state 0.

8/28/2012 5:33:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.458.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/27/2012 5:02:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:02:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:02:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:02:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:02:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:02:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/27/2012 5:01:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Jerry-PC\Jerry Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

8/27/2012 5:01:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

8/27/2012 4:59:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR43.

8/27/2012 4:16:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR42.

8/27/2012 4:05:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR41.

8/27/2012 11:54:34 PM, Error: Disk [11] - The driver detected a controller error on \...\DR65.

8/26/2012 6:45:03 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

8/26/2012 6:45:03 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/26/2012 6:45:03 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/26/2012 6:45:03 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/26/2012 6:45:03 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/26/2012 6:45:03 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/26/2012 11:37:25 AM, Error: Service Control Manager [7030] - The nProtect GameGuard Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/25/2012 3:16:51 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

8/24/2012 11:56:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880033858d8, 0xfffff88003385130, 0xfffff880014b8027). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 082412-27643-01.

8/24/2012 11:21:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/24/2012 11:21:14 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/23/2012 7:57:34 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.

8/23/2012 6:00:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.

.

==== End Of File ===========================

Link to post
Share on other sites

Hello,

If you are a technician, corporate, business, educational, government or non-profit-organization, or MBAM-reseller, or MBAM-affiliate, then please contact corporate support here and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

If you're an MBAM customer, you contact the consumer help desk here

Be aware that this system is showing two antivirus apps. Pick one to keep, and un-install the other, and restart the system fresh.

Having 2 or more active-monitor antivirus programs will lead to conflicts and deadlocks.

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Link to post
Share on other sites

Here are the results:

RogueKiller V8.0.0 [08/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jerry [Admin rights]

Mode : Scan -- Date : 08/29/2012 16:19:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BPVT-24HXZT3 SATA Disk Device +++++

--- User ---

[MBR] 0542e57b83efe97983d92a4e588577b3

[bSP] b082ab3ba0f45907e8a84c0e1f9c344d : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 431938 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 02

Ran by SYSTEM at 29-08-2012 16:58:32

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-15] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" [136488 2011-01-28] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [228448 2011-01-28] (CyberLink Corp.)

HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-10] (Lenovo)

HKLM-x32\...\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [222504 2010-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-08-03] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe [3076096 2012-07-18] (RAIDCALL.COM)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKU\Jerry\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-04-10] (Google Inc.)

HKU\Jerry\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-24] (Valve Corporation)

Tcpip\Parameters: [DhcpNameServer] 10.2.1.174

Startup: C:\Users\All Users\Start Menu\Programs\Startup\SafeConnect.lnk

ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\scClient.exe (Impulse Point, LLC)

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-08-25] ()

2 PnkBstrB; C:\windows\SysWow64\PnkBstrB.exe [189248 2012-08-25] ()

2 RaMediaServer; C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [454656 2010-05-19] ()

==================== Drivers (Whitelisted) ===================

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)

3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)

3 vproiah; C:\Windows\System32\Drivers\vproiah.sys [27848 2011-08-03] (RSJ Software GmbH)

3 BcmSqlStartupSvc; [x]

2 CLKMSVC10_3A60B698; [x]

2 CLKMSVC10_C3B3B687; [x]

2 DriverService; [x]

3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

2 IAStorDataMgrSvc; [x]

2 iATAgentService; [x]

2 idealife Update Service; [x]

3 IGRS; [x]

2 IviRegMgr; [x]

2 nvUpdatusService; [x]

2 Oasis2Service; [x]

2 PCCarerService; [x]

2 ReadyComm.DirectRouter; [x]

2 RichVideo; [x]

2 RtLedService; [x]

2 SeaPort; [x]

2 SoftwareService; [x]

3 SQLWriter; [x]

3 X6va009; \??\C:\windows\SysWOW64\Drivers\X6va009 [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-08-29 12:19 - 2012-08-29 12:23 - 00001269 ____A C:\Users\Jerry\Desktop\RKreport[5].txt

2012-08-29 11:58 - 2012-08-29 11:58 - 00001324 ____A C:\Users\Jerry\Desktop\RKreport[4].txt

2012-08-28 15:26 - 2010-11-12 06:13 - 00171344 ____A (Kaspersky Lab ZAO) C:\Users\Jerry\Desktop\SalityKiller.exe

2012-08-28 14:55 - 2012-08-28 14:55 - 00072026 ____A C:\Users\Jerry\Desktop\Extras.Txt

2012-08-28 14:54 - 2012-08-28 14:54 - 00121766 ____A C:\Users\Jerry\Desktop\OTL.Txt

2012-08-28 14:43 - 2012-08-28 14:24 - 00598528 ____A (OldTimer Tools) C:\Users\Jerry\Desktop\OTL.exe

2012-08-28 14:19 - 2012-08-28 14:19 - 00001188 ____A C:\Users\Jerry\Desktop\RKreport[3].txt

2012-08-28 14:18 - 2012-08-28 14:18 - 00002205 ____A C:\Users\Jerry\Desktop\RKreport[2].txt

2012-08-28 14:17 - 2012-08-29 12:16 - 00002169 ____A C:\Users\Jerry\Desktop\RKreport[1].txt

2012-08-28 14:15 - 2012-08-28 14:02 - 01367552 ____A C:\Users\Jerry\Desktop\RogueKiller.exe

2012-08-28 14:14 - 2012-08-28 14:17 - 00000000 ____D C:\Users\Jerry\Desktop\RK_Quarantine

2012-08-28 14:10 - 2012-08-28 14:10 - 00014101 ____A C:\Users\Jerry\Desktop\hijackthis.log

2012-08-28 13:47 - 2012-08-28 13:47 - 00002975 ____A C:\Users\Jerry\Desktop\HiJackThis.lnk

2012-08-28 13:47 - 2012-08-28 13:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2012-08-28 13:36 - 2012-08-28 13:36 - 00027911 ____A C:\Users\Jerry\Desktop\DDS.txt

2012-08-28 13:36 - 2012-08-28 13:36 - 00021531 ____A C:\Users\Jerry\Desktop\Attach.txt

2012-08-28 13:28 - 2012-08-28 13:28 - 00607260 ____R (Swearware) C:\Users\Jerry\Desktop\dds.scr

2012-08-28 13:28 - 2012-08-28 13:27 - 01402880 ____A C:\Users\Jerry\Desktop\HiJackThis.msi

2012-08-27 13:00 - 2012-08-27 13:00 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-27 13:00 - 2012-08-27 13:00 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-08-27 13:00 - 2012-08-27 13:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-08-27 12:16 - 2012-08-27 12:14 - 17142744 ____A (Microsoft Corporation) C:\Users\Jerry\Desktop\Windows-KB890830-x64-V4.11.exe

2012-08-27 12:09 - 2012-08-03 00:46 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-08-27 04:29 - 2012-08-27 04:29 - 00000000 ____D C:\Users\Jerry\AppData\Local\Macromedia

2012-08-26 16:43 - 2012-08-26 16:43 - 03301528 ____A (Impulse Point, LLC) C:\Users\Jerry\Downloads\ServiceInstaller.exe

2012-08-26 07:38 - 2012-08-26 07:38 - 00000000 ____D C:\Users\Jerry\AppData\Local\Chromium

2012-08-26 07:37 - 2012-08-26 07:37 - 00000000 ____D C:\Program Files\Common Files\INCA Shared

2012-08-26 07:37 - 2012-03-05 04:19 - 03953632 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des

2012-08-26 07:37 - 2012-02-01 11:50 - 00005265 ____A C:\Windows\SysWOW64\nppt9x.vxd

2012-08-26 07:37 - 2012-02-01 11:50 - 00004774 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys

2012-08-26 06:08 - 2012-08-26 06:08 - 00000000 ____D C:\Users\Jerry\Desktop\Uke Tabs

2012-08-26 05:12 - 2012-08-26 15:44 - 00002199 ____A C:\Users\Jerry\Desktop\Granado Espada.lnk

2012-08-26 05:12 - 2012-08-26 05:12 - 00002219 ____A C:\Users\Public\Desktop\IAHGames Player.lnk

2012-08-26 05:12 - 2012-08-26 05:12 - 00000000 ____D C:\Users\All Users\IAHGames

2012-08-26 05:12 - 2012-08-26 05:12 - 00000000 ____D C:\Program Files (x86)\IAHgames

2012-08-26 05:12 - 2011-08-03 11:20 - 00027848 ____A (RSJ Software GmbH) C:\Windows\System32\Drivers\vproiah.sys

2012-08-25 22:35 - 2012-08-25 22:35 - 00592296 ____A (IAHGames ) C:\Users\Jerry\Downloads\iahgames-setup-1.2.2.exe

2012-08-25 22:13 - 2012-08-27 13:00 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-25 22:09 - 2012-08-25 22:09 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-08-25 22:09 - 2012-08-25 22:09 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-08-25 22:09 - 2012-08-25 22:09 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-08-25 22:09 - 2012-08-25 20:51 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-08-25 22:08 - 2012-08-25 22:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2012-08-25 21:28 - 2012-08-25 21:29 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\ijjigame

2012-08-25 20:36 - 2012-08-25 20:37 - 00000000 ____D C:\Users\Jerry\Desktop\Games

2012-08-25 19:59 - 2012-08-29 12:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-25 19:59 - 2012-08-25 19:59 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-25 19:59 - 2012-08-25 19:59 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-25 19:59 - 2012-08-25 19:59 - 00000000 ____D C:\Windows\System32\Macromed

2012-08-24 19:19 - 2012-08-29 12:19 - 00000000 ____D C:\Program Files (x86)\Steam

2012-08-24 19:19 - 2012-08-24 19:19 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-08-24 19:18 - 2012-08-24 19:18 - 01606656 ____A C:\Users\Jerry\Downloads\SteamInstall.msi

2012-08-24 15:50 - 2012-08-29 12:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-08-24 15:50 - 2012-08-24 15:50 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-08-24 15:50 - 2012-08-24 15:50 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Mozilla

2012-08-24 15:50 - 2012-08-24 15:50 - 00000000 ____D C:\Users\Jerry\AppData\Local\Mozilla

2012-08-24 15:50 - 2012-08-24 15:50 - 00000000 ____D C:\Users\All Users\Mozilla

2012-08-24 15:50 - 2012-08-24 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-08-24 15:49 - 2012-08-24 15:49 - 16814136 ____A (Mozilla) C:\Users\Jerry\Downloads\Firefox Setup 14.0.1.exe

2012-08-24 07:56 - 2012-08-24 07:56 - 505443442 ____A C:\Windows\MEMORY.DMP

2012-08-24 07:56 - 2012-08-24 07:56 - 00275440 ____A C:\Windows\Minidump\082412-27643-01.dmp

2012-08-24 07:56 - 2012-08-24 07:56 - 00000000 ____D C:\Windows\Minidump

2012-08-24 07:13 - 2012-08-24 07:13 - 00000000 ____A C:\Users\Jerry\Desktop\New Text Document.txt

2012-08-22 14:09 - 2012-08-22 14:09 - 00001519 ____A C:\Users\Jerry\Downloads\lectures.xml

2012-08-22 04:42 - 2012-08-22 04:42 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-08-22 04:42 - 2012-08-22 04:42 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-08-20 13:50 - 2012-08-20 13:50 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Malwarebytes

2012-08-20 13:49 - 2012-08-20 13:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-20 13:49 - 2012-08-20 13:49 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-20 13:49 - 2012-08-20 13:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-20 13:49 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-20 13:48 - 2012-08-20 13:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jerry\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-20 07:29 - 2012-08-20 07:29 - 00000000 ____D C:\Users\Jerry\AppData\Local\Adobe

2012-08-20 07:00 - 2012-08-25 19:59 - 00000000 ____D C:\Users\All Users\Adobe

2012-08-20 05:59 - 2012-08-22 04:51 - 00000000 ____D C:\Users\Jerry\Desktop\School Work

2012-08-15 23:07 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-08-15 23:06 - 2012-08-15 23:06 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2012-08-15 23:06 - 2012-08-15 23:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2012-08-15 23:04 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-15 23:04 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-15 23:04 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-15 23:04 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-15 23:04 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-15 23:04 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-15 23:04 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-15 23:04 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-15 23:04 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-15 23:04 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-15 23:04 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-15 23:04 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-15 23:04 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-15 23:04 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-15 23:04 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-15 23:04 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-15 23:04 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-15 23:04 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-15 23:04 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-15 23:04 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-15 23:04 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-15 23:04 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-15 23:04 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-15 23:04 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-15 23:04 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-15 23:04 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-15 23:04 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-15 23:04 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-15 17:59 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-15 17:59 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-15 17:59 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-15 17:59 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-15 17:59 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-15 17:59 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-15 17:59 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-15 17:59 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-15 17:59 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-15 17:59 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-15 17:59 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-15 17:59 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-15 17:59 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-14 15:07 - 2012-08-29 12:18 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log

2012-08-14 04:37 - 2012-08-22 17:13 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\RPPrivate

2012-08-13 10:14 - 2012-08-13 10:14 - 00000000 ___RD C:\Users\Jerry\Podcasts

2012-08-13 10:07 - 2012-08-13 10:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2012-08-13 10:07 - 2012-08-13 10:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf

2012-08-11 14:10 - 2012-08-11 14:11 - 00000000 ____D C:\Program Files (x86)\RaidCall

2012-08-11 14:10 - 2012-08-11 14:10 - 05137277 ____A C:\Users\Jerry\Downloads\raidcall_v7.0.2.exe

2012-08-11 14:10 - 2012-08-11 14:10 - 00001007 ____A C:\Users\Jerry\Desktop\RaidCall.lnk

2012-08-11 14:10 - 2012-08-11 14:10 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\raidcall

2012-08-10 02:06 - 2012-08-10 02:06 - 00770323 ____A C:\Users\Jerry\Desktop\Jerry Elie LM Presentation.pptx

2012-08-03 04:00 - 2012-08-03 04:00 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

2012-08-03 04:00 - 2012-08-03 04:00 - 00001264 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-08-03 03:59 - 2012-08-22 17:14 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Real

2012-08-03 03:59 - 2012-08-03 04:00 - 00000000 ____D C:\Program Files (x86)\Real

2012-08-03 03:59 - 2012-08-03 03:59 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll

2012-08-03 03:59 - 2012-08-03 03:59 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll

2012-08-03 03:59 - 2012-08-03 03:59 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll

2012-08-03 03:57 - 2012-08-03 03:57 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Jerry\Downloads\RealPlayer (1).exe

2012-08-03 03:56 - 2012-08-03 04:01 - 00000000 ____D C:\Users\All Users\Real

2012-08-03 03:56 - 2012-08-03 03:56 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Jerry\Downloads\RealPlayer.exe

==================== 3 Months Modified Files ================================

2012-08-29 12:52 - 2012-04-10 01:26 - 00343933 ____A C:\FaceProv.log

2012-08-29 12:52 - 2012-04-10 00:52 - 01917055 ____A C:\Windows\WindowsUpdate.log

2012-08-29 12:52 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-29 12:52 - 2009-07-13 20:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-29 12:38 - 2009-07-13 21:13 - 00782270 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-29 12:30 - 2012-08-25 19:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-29 12:23 - 2012-08-29 12:19 - 00001269 ____A C:\Users\Jerry\Desktop\RKreport[5].txt

2012-08-29 12:18 - 2012-08-14 15:07 - 00000000 ____A C:\Windows\SysWOW64\filetrace.log

2012-08-29 12:18 - 2012-04-10 01:40 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-29 12:18 - 2012-04-10 01:28 - 00287699 ____A C:\Windows\System32\fastboot.set

2012-08-29 12:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-29 12:18 - 2009-07-13 20:51 - 00057957 ____A C:\Windows\setupact.log

2012-08-29 12:17 - 2010-11-20 19:47 - 00348856 ____A C:\Windows\PFRO.log

2012-08-29 12:16 - 2012-08-28 14:17 - 00002169 ____A C:\Users\Jerry\Desktop\RKreport[1].txt

2012-08-29 11:58 - 2012-08-29 11:58 - 00001324 ____A C:\Users\Jerry\Desktop\RKreport[4].txt

2012-08-29 11:56 - 2012-04-10 01:40 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-28 15:26 - 2009-07-13 18:34 - 00000219 ____A C:\Windows\system.ini

2012-08-28 14:55 - 2012-08-28 14:55 - 00072026 ____A C:\Users\Jerry\Desktop\Extras.Txt

2012-08-28 14:54 - 2012-08-28 14:54 - 00121766 ____A C:\Users\Jerry\Desktop\OTL.Txt

2012-08-28 14:24 - 2012-08-28 14:43 - 00598528 ____A (OldTimer Tools) C:\Users\Jerry\Desktop\OTL.exe

2012-08-28 14:19 - 2012-08-28 14:19 - 00001188 ____A C:\Users\Jerry\Desktop\RKreport[3].txt

2012-08-28 14:18 - 2012-08-28 14:18 - 00002205 ____A C:\Users\Jerry\Desktop\RKreport[2].txt

2012-08-28 14:10 - 2012-08-28 14:10 - 00014101 ____A C:\Users\Jerry\Desktop\hijackthis.log

2012-08-28 14:02 - 2012-08-28 14:15 - 01367552 ____A C:\Users\Jerry\Desktop\RogueKiller.exe

2012-08-28 13:47 - 2012-08-28 13:47 - 00002975 ____A C:\Users\Jerry\Desktop\HiJackThis.lnk

2012-08-28 13:36 - 2012-08-28 13:36 - 00027911 ____A C:\Users\Jerry\Desktop\DDS.txt

2012-08-28 13:36 - 2012-08-28 13:36 - 00021531 ____A C:\Users\Jerry\Desktop\Attach.txt

2012-08-28 13:28 - 2012-08-28 13:28 - 00607260 ____R (Swearware) C:\Users\Jerry\Desktop\dds.scr

2012-08-28 13:27 - 2012-08-28 13:28 - 01402880 ____A C:\Users\Jerry\Desktop\HiJackThis.msi

2012-08-27 13:00 - 2012-08-27 13:00 - 00001945 ____A C:\Windows\epplauncher.mif

2012-08-27 13:00 - 2012-08-25 22:13 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-27 12:14 - 2012-08-27 12:16 - 17142744 ____A (Microsoft Corporation) C:\Users\Jerry\Desktop\Windows-KB890830-x64-V4.11.exe

2012-08-26 16:43 - 2012-08-26 16:43 - 03301528 ____A (Impulse Point, LLC) C:\Users\Jerry\Downloads\ServiceInstaller.exe

2012-08-26 15:44 - 2012-08-26 05:12 - 00002199 ____A C:\Users\Jerry\Desktop\Granado Espada.lnk

2012-08-26 05:12 - 2012-08-26 05:12 - 00002219 ____A C:\Users\Public\Desktop\IAHGames Player.lnk

2012-08-25 22:35 - 2012-08-25 22:35 - 00592296 ____A (IAHGames ) C:\Users\Jerry\Downloads\iahgames-setup-1.2.2.exe

2012-08-25 22:09 - 2012-08-25 22:09 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-08-25 22:09 - 2012-08-25 22:09 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-08-25 22:09 - 2012-08-25 22:09 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-08-25 20:51 - 2012-08-25 22:09 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-08-25 19:59 - 2012-08-25 19:59 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-25 19:59 - 2012-08-25 19:59 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-24 19:19 - 2012-08-24 19:19 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk

2012-08-24 19:18 - 2012-08-24 19:18 - 01606656 ____A C:\Users\Jerry\Downloads\SteamInstall.msi

2012-08-24 15:50 - 2012-08-24 15:50 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-08-24 15:49 - 2012-08-24 15:49 - 16814136 ____A (Mozilla) C:\Users\Jerry\Downloads\Firefox Setup 14.0.1.exe

2012-08-24 07:56 - 2012-08-24 07:56 - 505443442 ____A C:\Windows\MEMORY.DMP

2012-08-24 07:56 - 2012-08-24 07:56 - 00275440 ____A C:\Windows\Minidump\082412-27643-01.dmp

2012-08-24 07:13 - 2012-08-24 07:13 - 00000000 ____A C:\Users\Jerry\Desktop\New Text Document.txt

2012-08-22 14:09 - 2012-08-22 14:09 - 00001519 ____A C:\Users\Jerry\Downloads\lectures.xml

2012-08-22 04:42 - 2012-08-22 04:42 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-08-21 17:58 - 2012-04-10 01:41 - 00002336 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-08-20 13:49 - 2012-08-20 13:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-20 13:48 - 2012-08-20 13:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jerry\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-16 04:12 - 2009-07-13 20:45 - 00362632 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-15 23:44 - 2012-07-19 19:33 - 00002130 ____A C:\Users\Jerry\Desktop\OneKey Recovery.lnk

2012-08-13 10:07 - 2012-08-13 10:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2012-08-13 10:07 - 2012-08-13 10:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf

2012-08-11 14:10 - 2012-08-11 14:10 - 05137277 ____A C:\Users\Jerry\Downloads\raidcall_v7.0.2.exe

2012-08-11 14:10 - 2012-08-11 14:10 - 00001007 ____A C:\Users\Jerry\Desktop\RaidCall.lnk

2012-08-10 02:06 - 2012-08-10 02:06 - 00770323 ____A C:\Users\Jerry\Desktop\Jerry Elie LM Presentation.pptx

2012-08-03 04:00 - 2012-08-03 04:00 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

2012-08-03 04:00 - 2012-08-03 04:00 - 00001264 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-08-03 03:59 - 2012-08-03 03:59 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll

2012-08-03 03:59 - 2012-08-03 03:59 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll

2012-08-03 03:59 - 2012-08-03 03:59 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll

2012-08-03 03:57 - 2012-08-03 03:57 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Jerry\Downloads\RealPlayer (1).exe

2012-08-03 03:56 - 2012-08-03 03:56 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Jerry\Downloads\RealPlayer.exe

2012-08-03 00:46 - 2012-08-27 12:09 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-08-03 00:27 - 2012-07-21 03:02 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-28 18:48 - 2012-07-28 18:48 - 00001603 ____A C:\Users\Public\Desktop\Combat Arms.lnk

2012-07-28 18:43 - 2012-07-28 17:24 - 1700455576 ____A (Nexon) C:\Users\Jerry\Downloads\Combatarms_VER_US_2.1207.07.exe

2012-07-26 02:30 - 2012-07-26 02:31 - 00069594 ____A C:\Users\Jerry\Desktop\FAI Process Flow.pptx

2012-07-25 18:49 - 2012-07-25 18:49 - 00893936 ____A (Oracle Corporation) C:\Users\Jerry\Desktop\chromeinstall-7u5.exe

2012-07-25 18:32 - 2012-07-25 18:32 - 00469200 ____A (Cloudpath Networks, Inc.) C:\Users\Jerry\Desktop\NetworkWizardLoader.exe

2012-07-20 14:14 - 2012-07-19 19:36 - 00088512 ____A C:\Users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-19 19:37 - 2012-07-19 19:33 - 00001118 ____A C:\Users\Jerry\Desktop\Cyberlink Power2Go.lnk

2012-07-19 19:33 - 2012-07-19 19:33 - 00000020 ___SH C:\Users\Jerry\ntuser.ini

2012-07-18 10:15 - 2012-08-15 17:59 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-06 12:07 - 2012-08-15 23:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-07-05 18:06 - 2012-07-25 18:51 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-07-05 18:06 - 2012-07-25 18:51 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-07-04 14:16 - 2012-08-15 17:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-15 17:59 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-15 17:59 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-15 17:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-15 17:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-03 09:46 - 2012-08-20 13:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-28 20:55 - 2012-08-15 23:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-15 23:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-15 23:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-15 23:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-15 23:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-15 23:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-15 23:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-15 23:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-15 23:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-15 23:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-15 23:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-15 23:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-15 23:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-15 23:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-15 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-15 23:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-15 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-15 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-15 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-15 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-15 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-15 23:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-15 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-15 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-15 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-15 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-08 21:43 - 2012-07-20 15:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-20 15:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-06 04:49 - 2012-06-06 04:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX

2012-06-05 22:06 - 2012-07-20 15:28 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-20 15:28 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-20 15:21 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-20 15:28 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-20 15:28 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-20 15:21 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-07-19 19:34 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-07-19 19:34 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-07-19 19:34 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-07-19 19:34 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-07-19 19:34 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-07-19 19:34 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-07-19 19:34 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-07-19 19:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-07-19 19:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-01 21:50 - 2012-07-20 15:27 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-20 15:27 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-20 15:27 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-20 15:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-20 15:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-20 15:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-20 15:27 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-20 15:27 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-20 15:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-26 23:00:39

Restore point made on: 2012-08-28 13:47:22

Restore point made on: 2012-08-28 14:50:04

Restore point made on: 2012-08-28 15:19:40

Restore point made on: 2012-08-28 15:20:29

Restore point made on: 2012-08-29 12:49:09

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 5606.11 MB

Available physical RAM: 4932.66 MB

Total Pagefile: 5604.31 MB

Available Pagefile: 4918.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:358.6 GB) NTFS

2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.88 GB) NTFS

4 Drive g: (MURPHREE) (Removable) (Total:3.76 GB) (Free:3.03 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 1024 KB

Disk 1 Online 3853 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 200 MB 1024 KB

Partition 2 Primary 421 GB 201 MB

Partition 0 Extended 28 GB 422 GB

Partition 4 Logical 28 GB 422 GB

Partition 3 OEM 14 GB 451 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y NTFS Partition 200 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 421 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D LENOVO NTFS Partition 28 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 12

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 3853 MB 0 B

==================================================================================

Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-26 21:24

==================== End Of Log =============================

Link to post
Share on other sites

Search.txt

Farbar Recovery Scan Tool Version: 29-08-2012 02

Ran by SYSTEM at 2012-08-29 17:00:30

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

Temporarily turn off your Mcafee antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing in text box
    Malwarebytes

    then select/click Malwarebytes Anti-Malware Chameleon

  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue :excl:
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes :excl:
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Link to post
Share on other sites

Yes, there is more to do & follow-up on. But please do NOT run tools on your own. Please follow my guidance.

The logs are somewhat confusing (?) about your main antivirus program. It really shows 2 antivirus programs: McAfee and MS Security Essentials.

Which one(s) is/are currently installed ?? You should only have only 1 active-monitor antivirus.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click stinger-icon.gif and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 4

Here's another tool to use: MSRT from Microsoft.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Step 5

Now, Re-enable your antivirus program.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

You are welcome. We can wrap this up now.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

RogueKiller.exe

RKILL

Stinger.exe

Safer practices & malware prevention

We are finished here. Best regards. cool.gif

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.