Guest camarg0 Posted July 10, 2013 ID:700915 Share Posted July 10, 2013 so i followed the first couple of steps to clean it out and here are the malwayre bytes logs and the dds logs Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.07.09.03 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Margo :: MARGO-PC [administrator] Protection: Enabled 7/9/2013 9:05:00 PMmbam-log-2013-07-09 (21-05-00).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 337864Time elapsed: 1 hour(s), 20 minute(s), 41 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.4.1Run by Margo at 22:40:36 on 2013-07-09Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2084 [GMT -4:00].AV: COMODO Antivirus *Disabled/Outdated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exeC:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Program Files\Dell\DW WLAN Card\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exec:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exeC:\Windows\System32\rundll32.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\DW WLAN Card\WLTRAY.EXEC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files\COMODO\COMODO Internet Security\cavwp.exec:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exec:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\svchost.exe -k defragsvcC:\Windows\system32\dfrgui.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [Google Update] "C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: NameServer = 10.0.1.1TCP: Interfaces\{478E99F1-79A2-4550-A6BE-B086FCB37A24} : DHCPNameServer = 10.0.1.1TCP: Interfaces\{478E99F1-79A2-4550-A6BE-B086FCB37A24}\054584A5D4 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{478E99F1-79A2-4550-A6BE-B086FCB37A24}\2516E646F6C60786 : DHCPNameServer = 192.168.2.1 192.168.2.1TCP: Interfaces\{478E99F1-79A2-4550-A6BE-B086FCB37A24}\C45736B697D41607C656D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1SSODL: WebCheck - <orphaned>x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exex64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe.============= SERVICES / DRIVERS ===============.R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2011-9-27 89600]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-7 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-7 701512]R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-30 2320920]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-30 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-27 158976]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-27 289280]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-7 25928]RUnknown cmderd;cmderd; [x]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-30 35104]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-27 250984]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-27 325152]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-1 59392]S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-6 1255736].=============== Created Last 30 ================.2013-07-09 06:12:27 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{330D0FD5-0FF2-4449-8E19-8F06A50552F0}\mpengine.dll2013-07-07 06:29:33 -------- d-----w- C:\Users\Margo\AppData\Roaming\Malwarebytes2013-07-07 06:29:26 -------- d-----w- C:\ProgramData\Malwarebytes2013-07-07 06:29:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-07-07 06:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-07 06:29:08 -------- d-----w- C:\Users\Margo\AppData\Local\Programs2013-06-20 03:45:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-06-20 03:45:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-06-17 20:36:20 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-12 18:14:22 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-12 18:07:57 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-06-12 18:07:57 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll.==================== Find3M ====================.2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys.============= FINISH: 22:41:04.17 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 9/30/2011 1:57:58 PMSystem Uptime: 7/9/2013 9:01:12 PM (1 hours ago).Motherboard: Dell Inc. | | Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU 1 | 1173/533mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 587 GiB total, 539.43 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7)Apple Application SupportApple Mobile Device SupportApple Software UpdateBonjourCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleDell Edoc ViewerDW WLAN Card UtilityGoogle ChromeGoogle DriveGoogle Update HelperIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsIntel® Turbo Boost Technology MonitoriTunesJava Auto UpdaterJava 6 Update 29Java 6 Update 29 (64-bit)Java 7 Update 4JavaFX 2.1.0Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Office Word Viewer 2003Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Quickset64Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Synaptics Pointing Device DriverUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)VC80CRTRedist - 8.0.50727.6195Visual Studio 2008 x64 RedistributablesWIDCOMM Bluetooth Software.==== Event Viewer Messages From Past Week ========.7/9/2013 9:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}7/9/2013 9:29:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.7/9/2013 9:29:43 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/9/2013 9:01:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD7/9/2013 2:56:05 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.7/9/2013 2:22:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect.7/9/2013 2:22:05 AM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/9/2013 2:22:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}7/9/2013 10:11:40 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.7/9/2013 10:11:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.7/7/2013 4:16:47 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting..==== End Of File =========================== my computer is so slow right now and i dont know what to do. please help! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 10, 2013 Root Admin ID:700931 Share Posted July 10, 2013 Hello and Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 03Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 04Please download AdwCleaner by Xplode to your desktop.Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. If prompted by the User Account Control click Yes to allow it to run. Under Actions click on the Delete button. Click OK on all prompts. You will be prompted to restart your computer. A text file will open after the restart. Please post the entire contents of that logfile to your next reply. You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.STEP 05Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
lman2 Posted July 12, 2013 ID:702077 Share Posted July 12, 2013 this is camarg0's other account. I'm having trouble logging into that account. so here are the logs. Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.org Database version: v2013.07.11.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Margo :: MARGO-PC [administrator] 7/11/2013 2:38:08 PMmbar-log-2013-07-11 (14-38-08).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 231329Time elapsed: 33 minute(s), 14 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 1975746560 Downloaded database version: v2013.07.11.01Initializing...------------ Kernel report ------------ 07/10/2013 22:06:22------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\comdlg32.dll\Windows\System32\advapi32.dll\Windows\System32\psapi.dll\Windows\System32\gdi32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\imm32.dll\Windows\System32\nsi.dll\Windows\System32\ws2_32.dll\Windows\System32\wininet.dll\Windows\System32\shlwapi.dll\Windows\System32\rpcrt4.dll\Windows\System32\imagehlp.dll\Windows\System32\clbcatq.dll\Windows\System32\sechost.dll\Windows\System32\usp10.dll\Windows\System32\iertutil.dll\Windows\System32\oleaut32.dll\Windows\System32\ole32.dll\Windows\System32\msctf.dll\Windows\System32\kernel32.dll\Windows\System32\msvcrt.dll\Windows\System32\Wldap32.dll\Windows\System32\normaliz.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\difxapi.dll\Windows\System32\lpk.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004b85060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004963050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004b85060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004b85b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004b85060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004963050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2446712832 Downloaded database version: v2013.07.11.02Downloaded database version: v2013.07.11.03Downloaded database version: v2013.07.11.04Downloaded database version: v2013.07.11.05Initializing...------------ Kernel report ------------ 07/11/2013 14:38:04------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\nsi.dll\Windows\System32\oleaut32.dll\Windows\System32\advapi32.dll\Windows\System32\gdi32.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\setupapi.dll\Windows\System32\ws2_32.dll\Windows\System32\iertutil.dll\Windows\System32\sechost.dll\Windows\System32\shlwapi.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\clbcatq.dll\Windows\System32\rpcrt4.dll\Windows\System32\ole32.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\imagehlp.dll\Windows\System32\shell32.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\cfgmgr32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bc6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004945050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004bc62c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004945050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2550439936 ======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4083867648, free: 2500644864 Downloaded database version: v2013.07.11.06Downloaded database version: v2013.07.11.07Downloaded database version: v2013.07.11.08Initializing...------------ Kernel report ------------ 07/12/2013 02:23:22------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl664.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\drivers\HIDPARSE.SYS\SystemRoot\system32\drivers\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\System32\ATMFD.DLL\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btwavdt.sys\SystemRoot\system32\drivers\btwaudio.sys\SystemRoot\system32\DRIVERS\btwl2cap.sys\SystemRoot\system32\DRIVERS\btwrchid.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\nsi.dll\Windows\System32\oleaut32.dll\Windows\System32\advapi32.dll\Windows\System32\gdi32.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\imm32.dll\Windows\System32\setupapi.dll\Windows\System32\ws2_32.dll\Windows\System32\iertutil.dll\Windows\System32\sechost.dll\Windows\System32\shlwapi.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\clbcatq.dll\Windows\System32\rpcrt4.dll\Windows\System32\ole32.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\imagehlp.dll\Windows\System32\shell32.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\cfgmgr32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bc6790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8004945050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004bc62c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bc6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004945050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4437F46F Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 20160512 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20242432 Numsec = 1230012416 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_81920_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.0.5 (07.10.2013:2)OS: Windows 7 Home Premium x64Ran by Margo on Fri 07/12/2013 at 2:22:31.60~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{94496571-6ac5-4836-82d5-d46260c44b17}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bc9fd17d-30f6-4464-9e53-596a90aff023}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{13abd093-d46f-40df-a608-47e162ec799d}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 07/12/2013 at 2:29:49.81End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.305 - Logfile created 07/12/2013 at 02:40:09# Updated 11/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Margo - MARGO-PC# Boot Mode : Normal# Running from : C:\Users\Margo\Downloads\AdwCleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.71 File : C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [834 octets] - [12/07/2013 02:40:09] ########## EOF - C:\AdwCleaner[s1].txt - [893 octets] ########## as for the eset scan, it said it had found 1 threat but i hadnt unclicked the remove threats so it removed it and i closed it without getting a log... when I ran it again it said it found no threats and no logs came up... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 12, 2013 Root Admin ID:702135 Share Posted July 12, 2013 Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
lman2 Posted July 13, 2013 ID:702234 Share Posted July 13, 2013 here are the logs for it Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013 02Ran by Margo at 2013-07-13 00:50:11Running from C:\Users\Margo\DownloadsBoot Mode: Normal========================================================== ==================== Installed Programs ======================= Adobe AIR (x32 Version: 3.0.0.4080)Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.287)Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)Adobe Reader X (10.1.7) (x32 Version: 10.1.7)Apple Application Support (x32 Version: 2.3.4)Apple Mobile Device Support (Version: 6.1.0.13)Apple Software Update (x32 Version: 2.1.3.127)Bonjour (Version: 3.0.0.10)Cisco EAP-FAST Module (x32 Version: 2.2.14)Cisco LEAP Module (x32 Version: 1.0.19)Cisco PEAP Module (x32 Version: 1.1.6)Dell Edoc Viewer (Version: 1.0.0)ERUNT 1.1j (x32)Fast Free Converter (x32 Version: 3.0)GetSavin (x32 Version: 1.1373690418)Google Chrome (HKCU Version: 28.0.1500.71)Google Drive (x32 Version: 1.10.4769.632)Google Update Helper (x32 Version: 1.3.21.153)Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2202)Intel® Management Engine Components (x32 Version: 6.0.0.1179)Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)iTunes (Version: 11.0.4.4)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)Java 6 Update 29 (64-bit) (Version: 6.0.290)Java 6 Update 29 (x32 Version: 6.0.290)JavaFX 2.1.0 (x32 Version: 2.1.0)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)Microsoft Security Client (Version: 4.3.0215.0)Microsoft Security Essentials (Version: 4.3.215.0)Microsoft Silverlight (Version: 5.1.20513.0)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Quickset64 (Version: 10.5.0)Synaptics Pointing Device Driver (Version: 15.0.0.1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)WIDCOMM Bluetooth Software (Version: 6.2.0.9600)WLAN Card Utility (Version: 5.60.48.18) ==================== Restore Points ========================= 12-07-2013 23:52:15 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {056BB978-1084-4E2F-B650-7517024E9639} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30] (Google Inc.)Task: {08910DAB-01D9-4348-9EC5-FA3B381B1CD7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1728113885-2607243412-894683866-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No FileTask: {501E55C3-A33D-4761-B213-6BDAA67216B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {57121A2F-75E9-4DCC-B79E-245D1EE9F46E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)Task: {642F30E0-97B6-4B8B-B23F-2BDAA318C04D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)Task: {919317C3-F231-4C1C-9BCA-1C5C4A95908B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)Task: {DB60599C-E731-47F6-B39D-D6510C332073} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)Task: {DDF0CE09-0879-44BC-A7D9-17E86BFCC190} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1728113885-2607243412-894683866-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No FileTask: {F2C5D038-9DD6-41DF-8352-744C60EDA46D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11] (Google Inc.)Task: {FFF18EC1-3DCC-43B2-A86E-3FD45406E686} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30] (Google Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/13/2013 00:47:36 AM) (Source: Application Hang) (User: )Description: The program Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10ac Start Time: 01ce7f83b586a688 Termination Time: 15 Application Path: C:\Users\Margo\Downloads\Setup.exe Report Id: Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (07/13/2013 00:46:32 AM) (Source: Service Control Manager) (User: )Description: The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (07/12/2013 07:51:07 PM) (Source: volsnap) (User: )Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (07/12/2013 07:20:18 PM) (Source: BTHUSB) (User: )Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (07/12/2013 05:38:49 PM) (Source: Service Control Manager) (User: )Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1053 Error: (07/12/2013 05:38:49 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. Error: (07/12/2013 05:38:08 PM) (Source: Service Control Manager) (User: )Description: The Intel® Management & Security Application User Notification Service service failed to start due to the following error: %%1053 Error: (07/12/2013 05:38:08 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect. Error: (07/12/2013 05:37:35 PM) (Source: Service Control Manager) (User: )Description: The Software Protection service failed to start due to the following error: %%1053 Error: (07/12/2013 05:37:35 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect. Error: (07/12/2013 05:36:38 PM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Microsoft Office Sessions:=========================Error: (07/13/2013 00:47:36 AM) (Source: Application Hang)(User: )Description: Setup.exe0.0.0.010ac01ce7f83b586a68815C:\Users\Margo\Downloads\Setup.exe Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (07/12/2013 07:20:25 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 12043 Error: (07/12/2013 07:20:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 6115 Error: (07/12/2013 07:20:10 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 52%Total physical RAM: 3894.68 MBAvailable physical RAM: 1868.25 MBTotal Pagefile: 7787.54 MBAvailable Pagefile: 5291.9 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:586.52 GB) (Free:537.97 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4437F46F)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 02Ran by Margo (administrator) on 13-07-2013 00:49:18Running from C:\Users\Margo\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1356240 2013-06-20] (Microsoft Corporation)HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)HKCU\...\Run: [Google Update] - "C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-30] (Google Inc.)HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)HKCU\...\Run: [GoogleChromeAutoLaunch_D7232562656B11FEB5775F28D8C0A45A] - "C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-03] (Google Inc.)HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodoHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodoBHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: Fast Free Converter 3.0 - {304E71B8-633E-4C36-996A-7D21D9D1518F} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: GetSavin 5.0 - {EC1B08CF-4CAB-4503-9CB2-57C4FCD8E2C5} - C:\Users\Margo\AppData\Local\getsavin\ie\getsavin_1373690401.dll ()Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\28.0.1500.71\gcswf32.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No FileCHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No FileCHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No FileCHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No FileCHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No FileCHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (Google Drive) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Amazing Coupons) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR StartMenuInternet: Google Chrome - "C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe" ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2009-12-17] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-13 00:49 - 2013-07-13 00:49 - 00000000 ____D C:\FRST2013-07-13 00:48 - 2013-07-13 00:48 - 01777811 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2013-07-13 00:46 - 2013-07-13 00:47 - 00000002 _____ C:\end2013-07-13 00:46 - 2013-07-13 00:47 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Users\Margo\AppData\Local\getsavin2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\File Type Helper2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 _____ C:\extensions.sqlite2013-07-13 00:44 - 2013-07-13 00:44 - 01065256 _____ C:\Users\Margo\Downloads\Setup.exe2013-07-12 15:58 - 2013-07-12 15:58 - 00000000 ____D C:\Windows\TempD302D74C-0FE3-26F3-E030-79690EB38962-Signatures2013-07-12 15:09 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2013-07-12 15:09 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys2013-07-12 15:09 - 2012-08-23 10:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys2013-07-12 15:09 - 2012-08-23 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll2013-07-12 15:09 - 2012-08-23 09:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll2013-07-12 15:09 - 2012-08-23 09:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-07-12 15:09 - 2012-08-23 09:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-07-12 15:09 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll2013-07-12 15:09 - 2012-08-23 09:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll2013-07-12 15:09 - 2012-08-23 09:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2013-07-12 15:09 - 2012-08-23 09:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll2013-07-12 15:09 - 2012-08-23 09:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll2013-07-12 15:09 - 2012-08-23 08:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2013-07-12 15:09 - 2012-08-23 07:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2013-07-12 15:09 - 2012-08-23 07:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2013-07-12 15:09 - 2012-08-23 07:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe2013-07-12 15:09 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll2013-07-12 15:09 - 2012-08-23 06:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll2013-07-12 15:09 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll2013-07-12 15:09 - 2012-08-23 06:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2013-07-12 15:09 - 2012-08-23 06:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2013-07-12 15:09 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2013-07-12 15:09 - 2012-08-23 04:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2013-07-12 15:09 - 2012-08-23 04:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2013-07-12 15:08 - 2013-07-12 15:09 - 00000000 ____D C:\Windows\system32\MRT2013-07-12 15:00 - 2013-07-12 14:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-07-12 14:59 - 2013-07-12 15:59 - 00002155 _____ C:\Windows\epplauncher.mif2013-07-12 14:59 - 2013-07-12 15:58 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-12 14:59 - 2013-07-12 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-07-12 14:45 - 2013-07-12 14:45 - 00000000 ____D C:\Users\All Users\APN2013-07-12 14:43 - 2013-07-12 14:44 - 00903080 _____ (Oracle Corporation) C:\Users\Margo\Downloads\chromeinstall-7u25.exe2013-07-12 14:37 - 2013-07-12 14:37 - 00000000 ____D C:\Users\All Users\McAfee2013-07-12 14:34 - 2012-08-24 14:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2013-07-12 14:34 - 2012-08-24 14:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2013-07-12 14:34 - 2012-08-24 14:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2013-07-12 14:34 - 2012-08-24 14:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2013-07-12 14:34 - 2012-08-24 12:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2013-07-12 14:34 - 2012-08-24 12:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2013-07-12 14:34 - 2012-08-24 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2013-07-12 14:34 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2013-07-12 14:34 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2013-07-12 02:45 - 2013-07-12 02:45 - 02347384 _____ (ESET) C:\Users\Margo\Downloads\esetsmartinstaller_enu.exe2013-07-12 02:40 - 2013-07-12 02:40 - 00000957 _____ C:\AdwCleaner[s1].txt2013-07-12 02:32 - 2013-07-12 02:32 - 00662345 _____ C:\Users\Margo\Downloads\AdwCleaner.exe2013-07-12 02:29 - 2013-07-12 02:29 - 00002185 _____ C:\Users\Margo\Desktop\JRT.txt2013-07-12 02:22 - 2013-07-12 02:22 - 00000000 ____D C:\Windows\ERUNT2013-07-10 22:33 - 2013-07-10 22:33 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk2013-07-10 22:33 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys2013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Program Files\iTunes2013-07-10 22:32 - 2013-07-10 22:33 - 00000000 ____D C:\Program Files (x86)\iTunes2013-07-10 22:32 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iPod2013-07-10 22:06 - 2013-07-12 02:32 - 00000000 ____D C:\Users\All Users\Malwarebytes' Anti-Malware (portable)2013-07-10 22:06 - 2013-05-29 02:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-07-10 22:06 - 2013-05-29 01:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-07-10 22:06 - 2013-05-29 01:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-07-10 22:06 - 2013-05-29 01:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-07-10 22:06 - 2013-05-29 01:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-07-10 22:06 - 2013-05-29 01:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2013-07-10 22:06 - 2013-05-29 01:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2013-07-10 22:06 - 2013-05-29 01:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2013-07-10 22:06 - 2013-05-29 01:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2013-07-10 22:06 - 2013-05-29 01:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-07-10 22:06 - 2013-05-29 01:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-07-10 22:06 - 2013-05-29 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-07-10 22:06 - 2013-05-29 01:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2013-07-10 22:06 - 2013-05-29 01:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-07-10 22:06 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-07-10 22:06 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-07-10 22:06 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-07-10 22:06 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-07-10 22:06 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-07-10 22:06 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-07-10 22:06 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-07-10 22:06 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-07-10 22:06 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-07-10 22:06 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-07-10 22:06 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-07-10 22:06 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-07-10 22:06 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-07-10 22:06 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-07-10 22:06 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-07-10 22:06 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-07-10 21:56 - 2013-07-10 21:56 - 00558783 _____ (Oleg N. Scherbakov) C:\Users\Margo\Downloads\JRT.exe2013-07-10 21:55 - 2013-07-10 21:59 - 13399154 _____ C:\Users\Margo\Downloads\mbar-1.06.0.1004.zip2013-07-10 21:55 - 2013-07-10 21:55 - 00000000 ____D C:\Windows\ERDNT2013-07-10 21:54 - 2013-07-10 21:54 - 00000926 _____ C:\Users\Margo\Desktop\NTREGOPT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000907 _____ C:\Users\Margo\Desktop\ERUNT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-07-10 21:51 - 2013-07-10 21:51 - 00791393 _____ (Lars Hederer ) C:\Users\Margo\Downloads\erunt-setup.exe2013-07-10 21:49 - 2013-07-12 17:32 - 00000448 _____ C:\Windows\setupact.log2013-07-10 21:49 - 2013-07-10 21:49 - 00000000 _____ C:\Windows\setuperr.log2013-07-10 02:12 - 2013-07-10 02:13 - 00000000 ____D C:\8ff5447790c41c1670322649fa4b93e32013-07-09 22:43 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2013-07-09 22:43 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2013-07-09 22:42 - 2013-07-12 02:45 - 00000000 ____D C:\Users\Margo\Desktop\cleanup2013-07-09 22:42 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2013-07-09 22:42 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2013-07-09 22:31 - 2013-07-09 22:38 - 00688992 ____R (Swearware) C:\Users\Margo\Downloads\dds (1).com2013-07-09 22:27 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-07-09 22:27 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-07-09 22:02 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-07-09 21:04 - 2013-07-09 21:05 - 00688992 _____ (Swearware) C:\Users\Margo\Downloads\dds.com2013-07-07 02:29 - 2013-07-07 02:29 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-07 02:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-06-19 23:45 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2013-06-19 23:45 - 2013-04-17 02:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys2013-06-17 16:36 - 2013-06-17 16:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:34 - 2013-07-12 16:28 - 00037929 _____ C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-07-13 00:49 - 2013-07-13 00:49 - 00000000 ____D C:\FRST2013-07-13 00:48 - 2013-07-13 00:48 - 01777811 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe2013-07-13 00:47 - 2013-07-13 00:46 - 00000002 _____ C:\end2013-07-13 00:47 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Users\Margo\AppData\Local\getsavin2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 ____D C:\Program Files (x86)\File Type Helper2013-07-13 00:46 - 2013-07-13 00:46 - 00000000 _____ C:\extensions.sqlite2013-07-13 00:44 - 2013-07-13 00:44 - 01065256 _____ C:\Users\Margo\Downloads\Setup.exe2013-07-13 00:34 - 2011-09-30 14:21 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA.job2013-07-13 00:09 - 2012-04-11 17:34 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-07-12 22:26 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-07-12 22:26 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-07-12 22:23 - 2009-07-14 01:10 - 01148619 _____ C:\Windows\WindowsUpdate.log2013-07-12 19:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-07-12 19:09 - 2012-04-11 17:34 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-07-12 19:04 - 2012-04-11 17:34 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-07-12 19:04 - 2012-04-11 17:34 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2013-07-12 18:34 - 2011-09-30 14:21 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core.job2013-07-12 18:29 - 2011-09-30 14:21 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001UA2013-07-12 18:29 - 2011-09-30 14:21 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1728113885-2607243412-894683866-1001Core2013-07-12 17:33 - 2012-11-09 00:30 - 00000000 ___SD C:\Users\Margo\Google Drive2013-07-12 17:32 - 2013-07-10 21:49 - 00000448 _____ C:\Windows\setupact.log2013-07-12 17:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-07-12 16:28 - 2013-06-17 16:34 - 00037929 _____ C:\Windows\IE10_main.log2013-07-12 15:59 - 2013-07-12 14:59 - 00002155 _____ C:\Windows\epplauncher.mif2013-07-12 15:58 - 2013-07-12 15:58 - 00000000 ____D C:\Windows\TempD302D74C-0FE3-26F3-E030-79690EB38962-Signatures2013-07-12 15:58 - 2013-07-12 14:59 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-12 15:58 - 2013-07-12 14:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client2013-07-12 15:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions2013-07-12 15:11 - 2011-09-30 15:37 - 00000000 ____D C:\Program Files (x86)\Intel2013-07-12 15:09 - 2013-07-12 15:08 - 00000000 ____D C:\Windows\system32\MRT2013-07-12 14:59 - 2013-07-12 15:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-07-12 14:59 - 2012-06-07 01:48 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-07-12 14:59 - 2012-06-07 01:48 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-07-12 14:59 - 2011-10-19 04:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-07-12 14:59 - 2011-10-19 04:29 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-07-12 14:59 - 2011-10-19 04:28 - 00000000 ____D C:\Program Files (x86)\Java2013-07-12 14:59 - 2011-09-30 14:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-07-12 14:47 - 2009-07-14 01:13 - 00740814 _____ C:\Windows\system32\PerfStringBackup.INI2013-07-12 14:45 - 2013-07-12 14:45 - 00000000 ____D C:\Users\All Users\APN2013-07-12 14:44 - 2013-07-12 14:43 - 00903080 _____ (Oracle Corporation) C:\Users\Margo\Downloads\chromeinstall-7u25.exe2013-07-12 14:37 - 2013-07-12 14:37 - 00000000 ____D C:\Users\All Users\McAfee2013-07-12 02:45 - 2013-07-12 02:45 - 02347384 _____ (ESET) C:\Users\Margo\Downloads\esetsmartinstaller_enu.exe2013-07-12 02:45 - 2013-07-09 22:42 - 00000000 ____D C:\Users\Margo\Desktop\cleanup2013-07-12 02:41 - 2009-07-14 01:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-07-12 02:40 - 2013-07-12 02:40 - 00000957 _____ C:\AdwCleaner[s1].txt2013-07-12 02:32 - 2013-07-12 02:32 - 00662345 _____ C:\Users\Margo\Downloads\AdwCleaner.exe2013-07-12 02:32 - 2013-07-10 22:06 - 00000000 ____D C:\Users\All Users\Malwarebytes' Anti-Malware (portable)2013-07-12 02:29 - 2013-07-12 02:29 - 00002185 _____ C:\Users\Margo\Desktop\JRT.txt2013-07-12 02:22 - 2013-07-12 02:22 - 00000000 ____D C:\Windows\ERUNT2013-07-12 02:19 - 2011-09-30 14:21 - 00002368 _____ C:\Users\Margo\Desktop\Google Chrome.lnk2013-07-11 02:32 - 2009-07-14 00:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT2013-07-11 02:31 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal2013-07-11 02:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender2013-07-11 02:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-07-10 22:33 - 2013-07-10 22:33 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk2013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF692013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iTunes2013-07-10 22:33 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files (x86)\iTunes2013-07-10 22:32 - 2013-07-10 22:32 - 00000000 ____D C:\Program Files\iPod2013-07-10 21:59 - 2013-07-10 21:55 - 13399154 _____ C:\Users\Margo\Downloads\mbar-1.06.0.1004.zip2013-07-10 21:56 - 2013-07-10 21:56 - 00558783 _____ (Oleg N. Scherbakov) C:\Users\Margo\Downloads\JRT.exe2013-07-10 21:55 - 2013-07-10 21:55 - 00000000 ____D C:\Windows\ERDNT2013-07-10 21:54 - 2013-07-10 21:54 - 00000926 _____ C:\Users\Margo\Desktop\NTREGOPT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000907 _____ C:\Users\Margo\Desktop\ERUNT.lnk2013-07-10 21:54 - 2013-07-10 21:54 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-07-10 21:51 - 2013-07-10 21:51 - 00791393 _____ (Lars Hederer ) C:\Users\Margo\Downloads\erunt-setup.exe2013-07-10 21:49 - 2013-07-10 21:49 - 00000000 _____ C:\Windows\setuperr.log2013-07-10 21:49 - 2013-03-13 11:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-07-10 21:49 - 2013-03-13 11:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-07-10 21:49 - 2013-01-27 03:14 - 00000000 ____D C:\Users\All Users\COMODO2013-07-10 21:49 - 2011-09-30 15:36 - 00014260 _____ C:\Windows\PFRO.log2013-07-10 02:13 - 2013-07-10 02:12 - 00000000 ____D C:\8ff5447790c41c1670322649fa4b93e32013-07-09 22:38 - 2013-07-09 22:31 - 00688992 ____R (Swearware) C:\Users\Margo\Downloads\dds (1).com2013-07-09 22:32 - 2011-09-30 14:20 - 00058016 _____ C:\Users\Margo\AppData\Local\GDIPFONTCACHEV1.DAT2013-07-09 21:46 - 2011-11-29 07:50 - 00000000 ____D C:\Windows\Minidump2013-07-09 21:25 - 2013-01-27 03:17 - 00000000 ____D C:\Windows\System32\Tasks\COMODO2013-07-09 21:22 - 2012-02-17 01:59 - 00000000 ____D C:\Program Files\DivX2013-07-09 21:22 - 2012-02-17 01:57 - 00000000 ____D C:\Users\All Users\DivX2013-07-09 21:22 - 2012-02-17 01:57 - 00000000 ____D C:\Program Files (x86)\DivX2013-07-09 21:17 - 2012-02-17 02:25 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Real2013-07-09 21:17 - 2012-02-17 02:25 - 00000000 ____D C:\Program Files (x86)\Real2013-07-09 21:16 - 2012-02-17 02:25 - 00000000 ____D C:\Users\All Users\Real2013-07-09 21:14 - 2012-04-11 17:34 - 00000000 ____D C:\Program Files (x86)\Google2013-07-09 21:05 - 2013-07-09 21:04 - 00688992 _____ (Swearware) C:\Users\Margo\Downloads\dds.com2013-07-09 15:59 - 2013-01-27 03:17 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat2013-07-07 02:48 - 2013-01-27 03:14 - 00000000 ____D C:\Program Files (x86)\Comodo2013-07-07 02:29 - 2013-07-07 02:29 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\Margo\AppData\Roaming\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-07-07 02:29 - 2013-07-07 02:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-06-24 00:57 - 2011-10-06 02:24 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\zh-HK2013-06-19 23:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\tr-TR2013-06-18 21:50 - 2013-06-18 21:50 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys2013-06-18 21:50 - 2013-01-20 15:59 - 00139616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys2013-06-17 16:36 - 2013-06-17 16:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2013-06-17 16:36 - 2013-06-17 16:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-06-17 16:36 - 2013-06-17 16:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-09 11:15 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 13, 2013 Root Admin ID:702259 Share Posted July 13, 2013 So how is the computer running now? Are there still any signs of an infection or other related issues going on? Link to post Share on other sites More sharing options...
lman2 Posted July 13, 2013 ID:702415 Share Posted July 13, 2013 its still very slow. It keeps lagging and freezing. when it freezes if i press ctrl alt delt it brings up a popup that says logon options cannot be found, or something like that... Link to post Share on other sites More sharing options...
lman2 Posted July 14, 2013 ID:702553 Share Posted July 14, 2013 I was just on the infected computer, and a blue screen came up. After trying to turn it back on it wouldnt come back on. it kept saying to insert a boot disk or something like that. I waited a couple minutes and turned it back on and now it works. What should I do? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 15, 2013 Root Admin ID:702836 Share Posted July 15, 2013 Well it sounds more like you're having a possible hard drive failing issue. Best to probably run a hardware test on the drive. Seagate and Western Digital both provide software to test their drives and they are the most common drives out there. If the system has builtin software from the BIOS you could also test from there. Link to post Share on other sites More sharing options...
lman2 Posted July 15, 2013 ID:703021 Share Posted July 15, 2013 how do i check if i have the software from bios? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2013 Root Admin ID:703230 Share Posted July 16, 2013 Normally found via Function keys like F2, F10, F11 etc.. What is the make and model of the computer ? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 23, 2013 Root Admin ID:706174 Share Posted July 23, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts