Jump to content

Malwarebytes hangs and not responding


Recommended Posts

Hi Y'all!

 

My girlfriends PC started acting up and when it refused to finish loading all her start-up programs after a 24 hr waiting period I figured it was time to take a deeper dive.

 

Upon normal start-up the computer will not not finish loading spotify or other programs that are normally enabled to start up.

 

After disabling many of these programs via msconfig along with anything I deemed unnecessary for troubleshooting I rebooted to no avail...sure things started faster but this time I noticed that there was additionally no internet access. The browsers won't register but programs CAN update so thats probably a browser issue. Other programs like the gaming platform "Steam" wont finish loading either. I've tried installing malwarebytes, changing the file name and the extension, running it from a USB (installed on the USB via another computer), running MBAM-cleaner.exe, running a myriad of other cleaners, running rKill and THEN trying MBAM but cant get past install. If I run MBAM from a USB device then the program will start up but it will  give me run-time error 13. I've reset the clock standards per the suggestions on malwarebyte forums hh:mm:ss:tt etc. but it still gives me the error.

 

Alas, I digress and come before the community...

 

I've run the DDS and have attached the logs dds.txt and attach.txt to this post.

 

Additionally I will copy paste them below in the respective order.

 

Thank you so much in advance!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Deborah at 15:47:01 on 2013-06-29
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uLocal Page = C:\Windows\System32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uProxyOverride = *.local;<local>
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-System: disableregistrytools = dword:0
uPolicies-Windows\System: disablecmd = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: NoRun = dword:0
mPolicies-Explorer: NoControlPanel = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: DisableTaskMgr = dword:0
mPolicies-System: DisableRegistryTools = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - 
LSP: %SystemRoot%\system32\mswsock.dll
TCP: NameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{1E5DDFD2-9EA3-43D4-9BD1-D6BA66DFC52F} : DHCPNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{1E5DDFD2-9EA3-43D4-9BD1-D6BA66DFC52F}\2656C6B696E6E2634623 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1E5DDFD2-9EA3-43D4-9BD1-D6BA66DFC52F}\54D6F627977457563747 : DHCPNameServer = 208.67.220.220 208.67.222.222
TCP: Interfaces\{1E5DDFD2-9EA3-43D4-9BD1-D6BA66DFC52F}\C696E6B637973702230223 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{C936D81D-85F4-402A-9B52-83909B1B1A17} : DHCPNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - <orphaned>
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile="regedit.exe" "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "%1"
ShellExec: CTCMSu.exe: Open="C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L"
ShellExec: CTCMSu.exe: Play="C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: left4dead2.exe: open="c:\program files (x86)\steam\steam\steamapps\common\left 4 dead 2\left4dead2.exe" "%1"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellPreview "%1"
ShellExec: PDFXCview.exe: open="C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
ShellExec: Winword.exe: edit="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: wksss.exe: open=C:\PROGRA~2\MICROS~2\wksss.exe "%1"
ShellExec: wkswp.exe: open=C:\PROGRA~2\MICROS~2\WksWP.exe "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-06-29 19:40:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-29 19:37:59 -------- d-----w- C:\Users\Deborah\AppData\Roaming\Malwarebytes
2013-06-29 19:37:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-29 17:07:18 -------- d-----w- C:\Users\Deborah\AppData\Roaming\SUPERAntiSpyware.com
2013-06-29 17:07:14 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-29 17:07:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-06-29 08:08:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-29 08:06:13 -------- d-----w- C:\Program Files (x86)\IObit
2013-06-29 07:56:09 -------- d-----w- C:\Program Files\hc
2013-06-29 05:32:12 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-06-29 05:32:11 378432 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-06-29 05:32:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-06-29 05:32:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-06-29 05:32:09 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-29 05:32:09 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-29 05:32:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-06-29 05:32:04 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-06-29 05:32:04 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-06-29 05:31:35 41664 ----a-w- C:\Windows\avastSS.scr
2013-06-29 05:31:19 -------- d-----w- C:\Program Files\AVAST Software
2013-06-29 05:31:10 -------- d-----w- C:\ProgramData\AVAST Software
2013-06-29 05:05:55 -------- d-----w- C:\Qoobox
2013-06-29 05:05:30 -------- d-----w- C:\Windows\erdnt
2013-06-29 05:05:26 -------- d-s---w- C:\32788R22FWJFW
2013-06-29 03:53:32 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D1D14C7-216D-4A8A-9555-2E779DDEB075}\gapaengine.dll
2013-06-29 03:52:51 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97307A28-D176-47A9-8F41-D23DFDFB5EC1}\mpengine.dll
2013-06-29 03:36:16 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-28 22:04:44 -------- d-----w- C:\Windows\pss
2013-06-15 21:47:37 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-15 21:47:37 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-15 21:47:36 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 21:47:36 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-15 21:47:35 1365504 ----a-w- C:\Windows\System32\urlmon.dll
2013-06-15 21:47:35 1141248 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-06-15 21:47:34 2046976 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-06-15 21:47:33 2648064 ----a-w- C:\Windows\System32\iertutil.dll
2013-06-15 21:47:32 526336 ----a-w- C:\Windows\System32\ieui.dll
2013-06-15 21:47:32 391168 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-06-15 21:47:30 15404544 ----a-w- C:\Windows\System32\ieframe.dll
2013-06-15 21:47:30 13760512 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-06-15 21:47:28 19233792 ----a-w- C:\Windows\System32\mshtml.dll
2013-06-15 21:47:24 14327808 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-06-15 18:08:38 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-15 18:08:38 356352 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-06-15 18:08:38 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-15 18:08:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-15 18:08:37 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-06-15 18:08:36 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-15 18:08:36 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-06-15 18:08:36 39936 ----a-w- C:\Windows\System32\iernonce.dll
2013-06-15 18:08:36 33280 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-06-15 18:08:35 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-15 18:08:35 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-15 18:08:35 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-15 18:08:35 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-15 18:08:33 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-06-15 18:08:33 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-06-15 18:08:33 603136 ----a-w- C:\Windows\System32\msfeeds.dll
2013-06-15 18:08:33 493056 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-06-15 18:08:32 855552 ----a-w- C:\Windows\System32\jscript.dll
2013-06-15 18:08:32 690688 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-06-15 18:08:31 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-15 18:08:30 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-15 18:08:30 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-15 18:08:28 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-15 18:08:28 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-15 18:08:28 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-15 18:08:27 53248 ----a-w- C:\Windows\System32\jsproxy.dll
2013-06-15 18:08:27 39424 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-06-15 18:08:27 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-15 18:08:26 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-14 03:42:31 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-14 03:42:30 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-14 03:42:30 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-14 03:42:28 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-14 03:42:27 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-14 03:42:20 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-14 03:42:20 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-14 03:42:19 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-14 03:42:18 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-14 03:42:18 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-14 03:42:16 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-14 03:42:16 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-14 03:42:16 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-14 03:42:15 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-14 03:42:15 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-14 03:42:15 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-14 03:42:15 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-14 03:42:08 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-14 03:42:08 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-06 19:23:29 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-06 19:23:28 82432 ----a-w- C:\Windows\SysWow64\inseng.dll
2013-06-06 19:23:28 79872 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-06-06 19:23:28 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-06-06 19:23:28 70568 ----a-w- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
2013-06-06 19:23:28 697344 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-06-06 19:23:28 57344 ----a-w- C:\Windows\SysWow64\pngfilt.dll
2013-06-06 19:23:28 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-06-06 19:23:28 52224 ----a-w- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
2013-06-06 19:23:28 392080 ----a-w- C:\Program Files (x86)\Internet Explorer\pdm.dll
2013-06-06 19:23:28 285080 ----a-w- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
2013-06-06 19:23:28 226304 ----a-w- C:\Windows\System32\elshyph.dll
2013-06-06 19:23:28 204800 ----a-w- C:\Windows\SysWow64\webcheck.dll
2013-06-06 19:23:28 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-06-06 19:23:28 163840 ----a-w- C:\Windows\SysWow64\msrating.dll
2013-06-06 19:23:28 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-06-06 19:23:28 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-06-06 19:23:28 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-06-06 19:23:28 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-06-06 19:23:27 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-06-06 19:23:27 69120 ----a-w- C:\Windows\SysWow64\icardie.dll
2013-06-06 19:23:27 629248 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2013-06-06 19:23:27 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-06-06 19:23:27 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-06-06 19:23:27 467456 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-06-06 19:23:27 440320 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-06-06 19:23:27 41984 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2013-06-06 19:23:27 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-06-06 19:23:27 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-06-06 19:23:27 357888 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2013-06-06 19:23:27 294400 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2013-06-06 19:23:27 24576 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2013-06-06 19:23:27 242200 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2013-06-06 19:23:27 232960 ----a-w- C:\Windows\SysWow64\url.dll
2013-06-06 19:23:27 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-06-06 19:23:27 226816 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2013-06-06 19:23:27 222208 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2013-06-06 19:23:27 147456 ----a-w- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
2013-06-06 19:23:27 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-06-06 19:23:27 1400416 ----a-w- C:\Windows\SysWow64\ieapfltr.dat
2013-06-06 19:23:27 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-06-06 19:23:27 125440 ----a-w- C:\Windows\SysWow64\occache.dll
2013-06-06 19:23:27 11776 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2013-06-06 19:23:27 117248 ----a-w- C:\Windows\SysWow64\iepeers.dll
2013-06-06 19:23:27 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-06-06 19:23:26 197120 ----a-w- C:\Windows\System32\msrating.dll
2013-06-06 19:23:25 97280 ----a-w- C:\Windows\System32\mshtmled.dll
2013-06-06 19:23:25 905728 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2013-06-06 19:23:25 886784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-06-06 19:23:25 81408 ----a-w- C:\Windows\System32\icardie.dll
2013-06-06 19:23:25 762368 ----a-w- C:\Windows\System32\ieapfltr.dll
2013-06-06 19:23:25 72624 ----a-w- C:\Program Files\Internet Explorer\pdmproxy100.dll
2013-06-06 19:23:25 67584 ----a-w- C:\Program Files\Internet Explorer\JSProfilerCore.dll
2013-06-06 19:23:25 62976 ----a-w- C:\Windows\System32\pngfilt.dll
2013-06-06 19:23:25 599552 ----a-w- C:\Windows\System32\vbscript.dll
2013-06-06 19:23:25 514952 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2013-06-06 19:23:25 452096 ----a-w- C:\Windows\System32\dxtmsft.dll
2013-06-06 19:23:25 448000 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2013-06-06 19:23:25 441856 ----a-w- C:\Windows\System32\html.iec
2013-06-06 19:23:25 368024 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2013-06-06 19:23:25 281600 ----a-w- C:\Windows\System32\dxtrans.dll
2013-06-06 19:23:25 27648 ----a-w- C:\Windows\System32\licmgr10.dll
2013-06-06 19:23:25 270848 ----a-w- C:\Windows\System32\iedkcs32.dll
2013-06-06 19:23:25 247296 ----a-w- C:\Windows\System32\webcheck.dll
2013-06-06 19:23:25 235008 ----a-w- C:\Windows\System32\url.dll
2013-06-06 19:23:25 223744 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2013-06-06 19:23:25 216064 ----a-w- C:\Windows\System32\msls31.dll
2013-06-06 19:23:25 173568 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-06-06 19:23:25 167424 ----a-w- C:\Windows\System32\iexpress.exe
2013-06-06 19:23:25 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-06-06 19:23:25 149504 ----a-w- C:\Windows\System32\occache.dll
2013-06-06 19:23:25 144896 ----a-w- C:\Windows\System32\wextract.exe
2013-06-06 19:23:25 1400416 ----a-w- C:\Windows\System32\ieapfltr.dat
2013-06-06 19:23:25 102912 ----a-w- C:\Windows\System32\inseng.dll
2013-06-06 19:23:24 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-06-06 19:23:24 77312 ----a-w- C:\Windows\System32\tdc.ocx
2013-06-06 19:23:24 570880 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-06-06 19:23:24 52224 ----a-w- C:\Windows\System32\msfeedsbs.dll
2013-06-06 19:23:24 51200 ----a-w- C:\Windows\System32\imgutil.dll
2013-06-06 19:23:24 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2013-06-06 19:23:24 481280 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-06-06 19:23:24 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe
2013-06-06 19:23:24 194048 ----a-w- C:\Program Files\Internet Explorer\jsprofilerui.dll
2013-06-06 19:23:24 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-06-06 19:23:24 136192 ----a-w- C:\Windows\System32\iepeers.dll
2013-06-06 19:23:24 135680 ----a-w- C:\Windows\System32\IEAdvpack.dll
2013-06-06 19:23:24 12800 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-06-06 19:20:06 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-06 19:20:06 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-06 19:20:06 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-06 19:20:06 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-06 19:20:06 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-06 19:20:06 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-06 19:20:06 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-06 19:20:06 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-06 19:20:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-06 19:20:06 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-06 19:20:06 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-06 19:20:06 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-06 19:20:06 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-06 19:20:06 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-06 19:20:06 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-06 19:20:06 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-06 19:20:06 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-06 19:20:06 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-06-06 19:20:06 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-06-06 19:20:06 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-06 19:20:06 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-06 19:20:05 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-06-06 19:20:05 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-06 19:20:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-06-06 19:20:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-06-06 19:20:05 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-06-06 19:20:05 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-06-06 19:20:05 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-06-06 19:20:05 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-06-06 19:20:05 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-06-06 19:20:05 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-06-06 19:20:05 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-06-06 19:20:05 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-06-06 19:20:05 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-06-06 19:20:05 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-06-06 19:20:05 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-06-06 19:20:05 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-06-06 19:20:05 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-06-06 19:20:04 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-06-06 19:20:04 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-06-06 19:20:04 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-06-06 19:20:04 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-06-06 19:20:04 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-06-06 19:20:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-06-06 19:20:04 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-06-06 19:20:04 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-06-06 19:20:04 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-06-06 19:20:04 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-06-06 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-06-05 20:17:55 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-05 20:17:55 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-05 20:17:54 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-05 20:17:46 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-06-05 20:17:46 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-06-05 20:17:46 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-06-05 20:17:46 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-06-05 20:17:24 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-05 20:17:24 14172672 ----a-w- C:\Windows\System32\shell32.dll
2013-06-05 20:17:23 197120 ----a-w- C:\Windows\System32\shdocvw.dll
2013-06-05 20:17:23 12872704 ----a-w- C:\Windows\SysWow64\shell32.dll
2013-06-05 20:17:23 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-05 20:17:22 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-05 20:17:22 180224 ----a-w- C:\Windows\SysWow64\shdocvw.dll
2013-06-05 20:17:22 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-05 20:17:07 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-05 20:17:07 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-05 20:17:06 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-05 20:17:06 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-06-05 20:17:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-05 20:17:04 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2013-06-05 20:17:04 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2013-06-05 20:17:04 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2013-06-05 20:17:04 216576 ----a-w- C:\Windows\System32\ncsi.dll
2013-06-05 20:17:04 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2013-06-05 20:17:04 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2013-06-05 20:17:03 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2013-06-05 20:17:03 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-06-05 20:17:03 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2013-06-05 20:17:03 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2013-06-05 20:17:03 18944 ----a-w- C:\Windows\System32\netevent.dll
2013-06-05 20:16:52 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-06-05 20:16:10 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-06-04 22:34:43 -------- d-----w- C:\Windows\System32\SPReview
2013-05-31 19:26:46 4167680 ----a-w- C:\Program Files (x86)\GUTBFAA.tmp
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-05-04 04:28:49 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2013-05-04 04:28:47 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2013-05-04 04:27:20 17920 ----a-w- C:\Windows\System32\AmbRunE.dll
2013-05-04 04:17:32 -------- d-----w- C:\Users\Deborah\AppData\Local\Akamai
2013-05-04 04:14:03 263584 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-05-04 04:13:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 04:13:56 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-05-04 04:13:56 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-05-04 04:07:34 -------- d-----w- C:\Program Files (x86)\Razer
2013-05-04 04:04:37 -------- d-----w- C:\Program Files (x86)\Common Files\Java
.
==================== Find6M  ====================
.
2013-06-15 18:09:24 75825640 ----a-w- C:\Windows\System32\MRT.exe
2013-06-11 21:53:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:53:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 22:43:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-04 22:43:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-04 04:27:15 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-05-04 04:27:15 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-05-04 04:27:15 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-05-04 04:27:15 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-05-04 04:13:41 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-04 04:13:41 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 23:41:49 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-26 23:41:49 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-26 23:40:50 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 11:02:16 738304 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.2.47157.0.dll
2013-04-10 11:02:16 44944 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.2.47157.0.sys
2013-04-03 05:46:20 388912 ----a-w- C:\Windows\System32\drivers\dlkmd.sys
2013-04-03 05:46:20 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys
2013-04-03 05:44:32 1133456 ----a-w- C:\Windows\System32\dlumd9.dll
2013-04-03 05:44:32 1133456 ----a-w- C:\Windows\System32\dlumd64.dll
2013-04-03 05:44:32 1133456 ----a-w- C:\Windows\System32\dlumd11.dll
2013-04-03 05:44:32 1133456 ----a-w- C:\Windows\System32\dlumd10.dll
2013-04-03 05:44:31 940432 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2013-04-03 05:44:31 940432 ----a-w- C:\Windows\SysWow64\dlumd32.dll
2013-04-03 05:44:31 940432 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2013-04-03 05:44:31 940432 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2013-03-30 03:00:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-03-30 02:48:05 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-16 03:14:22 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-01-20 19:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 19:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 15:49:07.73 ===============
 
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS_ScreenSaver_GSeries
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
avast! Free Antivirus
Battlefield: Bad Company 2
Bonjour
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Canon MG2100 series MP Drivers
Compatibility Pack for the 2007 Office system
Counter-Strike
Creative MediaSource 5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DisplayLink Core Software
Dropbox
EPSON NX330 Series Printer Uninstall
Express Gate
Facebook Video Calling 1.0.0.8953
Google Chrome
Google Talk Plugin
Google Update Helper
Intel® Management Engine Components
Intel® Turbo Boost Technology Driver
iTunes
Java 7 Update 21
Java Auto Updater
Java 6 Update 22
Junk Mail filter update
Killing Floor
Left 4 Dead
Left 4 Dead 2
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA 3D Vision Driver 280.26
NVIDIA Control Panel 280.26
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 280.26
NVIDIA HD Audio Driver 1.2.23.3
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.4.28
NVIDIA Update Components
PDF-Viewer
PunkBuster Services
QuickTime
Razer Mamba
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Sound Blaster Audigy HD
Spotify
Spybot - Search & Destroy
Steam
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
Tresorit
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB 2.0 1.3M UVC WebCam
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.0
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== End Of File ===========================
 
 
 
 
 

dds and attach.zip

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

Please run the following scans and post back the logs. Its the weekend so I'll be in and out but will respond as soon as I can.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    STEP 02

    Please download Malwarebytes Anti-Rootkit from HERE

    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
    STEP 03

    Please download Junkware Removal Tool to your desktop.

    • Shutdown your antivirus to avoid any conflicts.
    • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply message
    • When completed make sure to re-enable your antivirus
    STEP 04

    Please download AdwCleaner by Xplode to your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • If prompted by the User Account Control click Yes to allow it to run.
    • Under Actions click on the Delete button.
    • Click OK on all prompts.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the entire contents of that logfile to your next reply.
    • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
    STEP 05

    button_eos.gif

    Please go here to run the online antivirus scannner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • If any threats were found, click the 'List of found threats' , then click Export to text file....
    • Save it to your desktop, then please copy and paste that log as a reply to this topic.
    Thanks
Link to post
Share on other sites

Hi Ron!

 

Thank you for your response and sorry for my delayed reply! I didn't know how to check for responses to my post and just figured it out this evening haha.

 

Anyways, here are the logs you've requested in the respective order and thank you in advance for your help!

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.01.08
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16618
Deborah :: DANIEL-PC [administrator]
 
7/1/2013 04:42:30 PM
mbar-log-2013-07-01 (16-42-30).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 300342
Time elapsed: 30 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.266000 GHz
Memory total: 4149415936, free: 3501850624
 
Downloaded database version: v2013.06.30.01
Initializing...
------------ Kernel report ------------
     06/30/2013 01:27:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\rixdpe64.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\21865319.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\nsi.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\kernel32.dll
\Windows\System32\ole32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004677060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80043fe050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004677060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004514980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004677060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800350b420, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043fe050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8
 
Partition information:
 
    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 40963702
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 40965750  Numsec = 935805370
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: c:\Users\Deborah\Desktop\explorer.exe --> [Heuristics.Reserved.Word.Exploit]
Infected: HKCR\regfile\shell\open\command| --> [broken.OpenCommand]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_40965750_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.266000 GHz
Memory total: 4149415936, free: 3336818688
 
Downloaded database version: v2013.07.01.08
Canceled update
Downloaded database version: v2013.07.01.08
Initializing...
------------ Kernel report ------------
     07/01/2013 16:42:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\rimspe64.sys
\SystemRoot\system32\DRIVERS\rixdpe64.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\difxapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006aaa060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa8006aaab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800467b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800439e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800467b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800467bab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800467b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800439b5d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800439e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8
 
Partition information:
 
    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 40963702
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 40965750  Numsec = 935805370
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006aaa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a84040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006aaa060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006aaab60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 17B054
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 246721
    Partition file system is FAT
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 126353408 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_40965750_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Deborah on Mon 07/01/2013 at 18:32:44.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Deborah\appdata\locallow\adawaretb"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/01/2013 at 18:34:19.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v2.303 - Logfile created 07/01/2013 at 18:36:41
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deborah - DANIEL-PC
# Boot Mode : Safe mode with networking
# Running from : E:\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\Daniel\AppData\Local\Conduit
Folder Deleted : C:\Users\Daniel\AppData\Local\PackageAware
Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Conduit
 
***** [Registry] *****
 
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1629 octets] - [01/07/2013 18:36:04]
AdwCleaner[s1].txt - [1582 octets] - [01/07/2013 18:36:41]
 
########## EOF - C:\AdwCleaner[s1].txt - [1642 octets] ##########
 
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Daniel\AppData\Local\Temp\ICReinstall\cnet_setupcalorietrackerA_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Deborah\Downloads\vlcmediaplayer-setup.exe multiple threats
 
 
Link to post
Share on other sites

Hi Ron,

 

I started running the ESET tool again and additionally had it scan archives. So far it's found about 4 MORE infected files including:

a variant of Java/TrojanDownloader.OpenStream.NCJ trojan

 

It isn't finished running so I don't know if this file is in the inactive partition of the HD (the one that hasn't been used) or the primary account.

 

Thanks again for the help! Will post latest log as soon as it finishes running.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.