DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Cyn at 3:00:20 on 2013-08-18
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5578.3931 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\AppStats\MfeASUM.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Cyn\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Cyn\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Cyn\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Clownfish\Clownfish.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\RadioController\RfBtnHelper.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\cscript.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
uWindows: Load = C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [searchProtection] "C:\Users\Cyn\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Cyn\AppData\Local\Akamai\netsession_win.exe"
uRun: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [LManager] <no file>
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mExplorerRun: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\TrayMenu.lnk - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
mPolicies-System: DisableCAD = dword:1
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2D067F58-B226-4AE7-B271-B21A3A26F2A3} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2D067F58-B226-4AE7-B271-B21A3A26F2A3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2D067F58-B226-4AE7-B271-B21A3A26F2A3}\2516A7A743 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [btPreLoad] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe"
x64-ExplorerRun: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]
R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-1-11 168608]
R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\mcafee\AppStats\MfeASKM.sys [2013-7-21 31408]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-12-14 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-12-14 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-12-14 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-14 239616]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-1-11 199008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-1-28 227456]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-10-25 2449552]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-14 350544]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-14 100752]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-11 2466448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-7-17 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-7-17 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-7-17 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-7-17 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-12-14 241456]
R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\mcafee\AppStats\MfeASUM.exe [2013-7-21 335216]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-12-14 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-14 182752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-14 91648]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-7-25 34384]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-10-23 658064]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-12-14 331152]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-12-14 118936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-8-18 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2013-1-11 26736]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2013-1-11 343696]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-11 58536]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69168]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\Drivers\vfilter.sys [2013-6-30 24064]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-7-25 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-7-25 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-7-25 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-7-25 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-7-25 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-7-25 136424]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-7-25 581200]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-11 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-7-17 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-12-14 332080]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\Drivers\virtualnet.sys [2013-6-30 17408]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-7-17 14544]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-7-17 201304]
.
=============== Created Last 30 ================
.
2013-08-18 09:44:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-18 09:44:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-18 06:51:27 -------- d-----w- C:\Program Files (x86)\Clownfish
2013-08-16 12:24:08 -------- d-----w- C:\Users\Cyn\AppData\Roaming\foobar2000
2013-08-16 12:23:58 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-08-16 09:04:31 -------- d-----w- C:\Users\Cyn\AppData\Local\Roblox
2013-08-16 08:18:32 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-08-16 08:17:49 -------- d-----w- C:\Program Files\iPod
2013-08-16 08:17:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-16 08:17:48 -------- d-----w- C:\Program Files\iTunes
2013-08-16 08:17:48 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-16 08:16:23 -------- d-----w- C:\Program Files\Bonjour
2013-08-16 08:16:23 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-08-14 03:32:58 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-08-14 03:32:37 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-14 03:32:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-14 03:32:27 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 03:24:05 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-08-14 03:24:05 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 03:24:05 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 03:24:05 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 03:24:05 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 03:24:05 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 03:24:05 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-08-14 03:24:04 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-08-14 03:24:04 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-08-11 16:14:16 -------- d-----w- C:\Users\Cyn\AppData\Roaming\raidcall
2013-08-11 16:14:06 -------- d-----w- C:\Program Files (x86)\RaidCall
2013-08-11 15:31:30 -------- d-----w- C:\Users\Cyn\AppData\Roaming\FlyForHeroInstaller
2013-08-10 17:55:54 -------- dc-h--w- C:\ProgramData\{907A85CA-E023-4161-8F5C-E72C340031D2}
2013-08-10 17:55:54 -------- d-----w- C:\Program Files (x86)\Creative
2013-08-10 09:45:08 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2013-08-10 06:32:23 -------- d-----w- C:\Users\Cyn\AppData\Roaming\wacomid-desktop-launcher
2013-08-09 16:43:24 -------- d-----w- C:\Users\Cyn\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2013-08-09 16:43:23 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Wacom
2013-08-09 16:43:13 -------- d-----w- C:\ProgramData\Wacom
2013-08-09 16:42:52 -------- d-----w- C:\Users\Cyn\AppData\Local\Adobe
2013-08-09 16:42:43 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
2013-08-09 12:20:54 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2013-08-08 15:08:27 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10213.bin
2013-08-06 06:25:43 -------- d-----w- C:\Users\Cyn\AppData\Local\Apple Computer
2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-06 06:22:00 -------- d-----w- C:\Users\Cyn\AppData\Local\Apple
2013-08-06 06:20:21 -------- d-----w- C:\Users\Cyn\AppData\Local\TechSmith
2013-08-06 05:55:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\TechSmith
2013-08-06 05:45:29 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith
2013-08-06 05:45:17 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2013-08-05 07:37:48 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Malwarebytes
2013-08-05 07:37:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-03 13:54:57 -------- d-----w- C:\Downloads
2013-08-03 13:54:00 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2013-08-03 08:10:52 -------- d-----w- C:\Users\Cyn\AppData\Local\Cyberlink
2013-08-02 16:40:46 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-31 16:44:11 -------- d--h--w- C:\Windows\msdownld.tmp
2013-07-31 16:44:05 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-31 16:43:31 -------- d-----w- C:\Games
2013-07-31 15:51:11 -------- d-----w- C:\Users\Cyn\AppData\Local\PMB Files
2013-07-31 15:51:10 -------- d-----w- C:\ProgramData\PMB Files
2013-07-31 15:50:39 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-07-31 15:50:29 -------- d-----w- C:\Users\Cyn\.swt
2013-07-31 15:43:36 79256 ----a-w- C:\Windows\SysWow64\npOGPPlugin.dll
2013-07-31 15:43:35 271768 ----a-w- C:\Windows\SysWow64\OGPIEPlugin.ocx
2013-07-31 15:43:33 -------- d-----w- C:\Program Files (x86)\OGPlanet
2013-07-30 13:00:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\SYSTEMAX Software Development
2013-07-30 13:00:15 -------- d-----w- C:\ProgramData\SYSTEMAX Software Development
2013-07-29 09:17:36 -------- d-----w- C:\Users\Cyn\AppData\Roaming\OBS
2013-07-29 09:17:18 -------- d-----w- C:\Program Files (x86)\OBS
2013-07-29 07:43:07 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Gyazo
2013-07-29 07:42:33 -------- d-----w- C:\Program Files (x86)\Gyazo
2013-07-27 16:24:59 47616 ----a-w- C:\Windows\SysWow64\PCPKsp.dll
2013-07-27 16:14:59 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-07-27 16:12:04 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2013-07-27 16:12:04 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2013-07-27 16:12:04 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
2013-07-27 16:12:03 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
2013-07-27 16:12:03 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2013-07-27 16:12:03 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-07-27 16:11:06 109568 ----a-w- C:\Windows\System32\dskquota.dll
2013-07-27 16:11:04 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
2013-07-27 15:55:20 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-07-27 15:55:19 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2013-07-27 15:55:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-07-27 15:55:18 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2013-07-27 15:55:15 641536 ----a-w- C:\Windows\System32\WSShared.dll
2013-07-27 15:55:15 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-07-27 15:55:15 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2013-07-27 15:55:15 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-07-27 15:55:15 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-07-27 15:55:15 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-07-27 15:53:05 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll
2013-07-27 14:22:59 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-07-27 14:08:55 -------- d-----w- C:\Users\Cyn\AppData\Local\gegl-0.2
2013-07-27 14:08:55 -------- d-----w- C:\Users\Cyn\.gimp-2.8
2013-07-27 14:06:15 -------- d-----w- C:\Program Files\GIMP 2
2013-07-27 12:32:03 -------- d-----w- C:\Windows\System32\MRT
2013-07-27 08:02:02 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotRitsu
2013-07-27 06:40:16 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotTsumugi
2013-07-27 06:39:43 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotTable
2013-07-27 06:39:30 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotYui
2013-07-27 06:38:35 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotMio
2013-07-27 06:37:40 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotAzusa
2013-07-26 10:34:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-07-26 10:30:01 -------- d-----w- C:\Windows\SysWow64\C2MP
2013-07-26 08:43:27 -------- d-----w- C:\Program Files (x86)\Audacity
2013-07-26 08:23:57 -------- d-----w- C:\Program Files\CCleaner
2013-07-26 02:10:15 -------- d-----w- C:\Program Files (x86)\Chatango
2013-07-26 02:10:13 1161728 ----a-w- C:\Windows\System32\sppobjs.dll
2013-07-26 02:10:07 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-07-26 02:10:06 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-07-26 02:10:03 5978624 ----a-w- C:\Windows\System32\mstscax.dll
2013-07-26 02:10:03 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-26 02:10:01 4577792 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2013-07-26 02:10:01 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-07-26 02:10:01 1101824 ----a-w- C:\Windows\System32\wmpmde.dll
2013-07-26 02:06:30 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-07-26 02:06:23 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-07-26 02:02:43 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-07-26 02:01:59 94208 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2013-07-26 02:01:59 65024 ----a-w- C:\Windows\System32\msscntrs.dll
2013-07-26 02:01:59 35328 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2013-07-26 02:01:59 246272 ----a-w- C:\Windows\System32\mssphtb.dll
2013-07-26 02:01:59 10752 ----a-w- C:\Windows\SysWow64\msshooks.dll
2013-07-26 02:01:59 102400 ----a-w- C:\Windows\System32\mssitlb.dll
2013-07-26 02:01:58 48640 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2013-07-26 02:01:57 267264 ----a-w- C:\Windows\System32\EncDump.dll
2013-07-26 02:01:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-26 02:01:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-26 02:00:00 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-26 01:59:59 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-26 01:59:59 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-26 01:59:58 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-26 01:59:58 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-26 01:59:58 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-26 01:59:57 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-26 01:55:59 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-26 01:54:11 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-07-26 01:54:10 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-07-26 01:54:10 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-07-26 01:54:06 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-07-26 01:54:06 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-07-26 01:53:52 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-07-26 01:53:51 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-26 01:53:51 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-07-26 01:53:50 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-26 01:50:35 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-07-26 01:50:35 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-07-26 01:50:22 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-07-26 01:50:21 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-07-26 01:50:09 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-07-26 01:50:07 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-07-26 01:42:42 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-07-26 01:42:41 112872 ----a-w- C:\Windows\System32\consent.exe
2013-07-26 01:37:00 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-07-26 01:37:00 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-07-26 01:36:34 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-26 01:36:34 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-26 01:32:01 733184 ----a-w- C:\Windows\System32\win32spl.dll
2013-07-26 01:32:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-07-26 01:32:00 362496 ----a-w- C:\Windows\System32\atmfd.dll
2013-07-26 01:32:00 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-07-26 01:32:00 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-07-26 01:32:00 14336 ----a-w- C:\Windows\System32\dciman32.dll
2013-07-26 01:31:59 96256 ----a-w- C:\Windows\System32\fontsub.dll
2013-07-26 01:31:59 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-07-26 01:31:59 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-07-26 01:31:59 3072 ----a-w- C:\Windows\System32\lpk.dll
2013-07-26 01:31:59 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-07-26 01:31:48 861184 ----a-w- C:\Windows\System32\drivers\http.sys
2013-07-25 14:20:52 -------- d-----w- C:\ProgramData\Atheros
2013-07-25 14:20:39 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Atheros
2013-07-25 12:15:29 136424 ----a-w- C:\Windows\System32\drivers\btath_rcp.sys
2013-07-25 12:15:28 77464 ----a-w- C:\Windows\System32\drivers\btath_lwflt.sys
2013-07-25 12:15:27 179432 ----a-w- C:\Windows\System32\drivers\btath_hcrp.sys
2013-07-25 12:15:27 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2013-07-25 12:15:25 89168 ----a-w- C:\Windows\System32\drivers\btath_flt.sys
2013-07-25 12:15:24 346192 ----a-w- C:\Windows\System32\drivers\btath_a2dp.sys
2013-07-25 12:15:24 115280 ----a-w- C:\Windows\System32\drivers\btath_avdt.sys
2013-07-25 12:15:23 581200 ----a-w- C:\Windows\System32\drivers\btfilter.sys
2013-07-25 12:15:22 34384 ----a-w- C:\Windows\System32\drivers\btath_bus.sys
2013-07-25 12:14:29 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth
2013-07-24 01:28:36 -------- d-----w- C:\Download
2013-07-24 01:27:38 -------- d-----w- C:\Nexon
2013-07-24 01:12:39 -------- d-----w- C:\Program Files (x86)\Kill3rCombo
2013-07-24 00:57:17 -------- d-----w- C:\ProgramData\Nexon
2013-07-24 00:36:05 -------- d-----w- C:\Users\Cyn\AppData\Local\Shrew Soft VPN
2013-07-24 00:36:05 -------- d-----w- C:\ProgramData\Shrew Soft VPN
2013-07-24 00:36:04 -------- d-----w- C:\Program Files\ShrewSoft
2013-07-21 20:39:15 -------- d-----w- C:\AeriaGames
2013-07-21 20:00:42 -------- d-----w- C:\Users\Cyn\AppData\Local\Akamai
2013-07-21 06:59:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\.tshock
2013-07-21 00:34:40 -------- d-----w- C:\Users\Cyn\AppData\Roaming\WildTangent
2013-07-20 21:26:18 447752 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
2013-07-20 21:26:13 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2013-07-20 18:39:37 -------- d-----w- C:\Users\Cyn\AppData\Local\ElevatedDiagnostics
2013-07-20 18:26:38 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-07-20 17:04:53 -------- d-----w- C:\Users\Cyn\AppData\Roaming\.minecraft
2013-07-20 17:04:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-20 17:04:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-20 16:54:23 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Search Protection
2013-07-20 16:53:35 -------- d-----w- C:\Users\Cyn\AppData\Roaming\uTorrent
2013-07-20 16:32:32 -------- d-----w- C:\Users\Cyn\AppData\Local\Aeria Games
2013-07-20 16:31:48 -------- d-----w- C:\ProgramData\Aeria Games
2013-07-20 06:26:58 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2013-07-20 06:26:58 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 23:07:18 24064 ----a-w- C:\Windows\System32\drivers\vfilter.sys
2013-06-30 23:07:18 17408 ----a-w- C:\Windows\System32\drivers\virtualnet.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:02:30 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-23 22:25:22 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH:  3:01:39.59 ===============
Attach.txt:
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/17/2013 7:04:01 PM
System Uptime: 8/18/2013 2:41:12 AM (1 hours ago)
.
Motherboard: Acer |  | VA50_CM
Processor: AMD A8-4500M APU with Radeon HD Graphics    | Socket FT1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 682 GiB total, 587.372 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Module
Device ID: USB\VID_0489&PID_E04E\5&C374159&0&4
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Module
PNP Device ID: USB\VID_0489&PID_E04E\5&C374159&0&4
Service: BTHUSB
.
==== System Restore Points ===================
.
RP8: 8/13/2013 10:43:17 PM - Windows Update
RP9: 8/16/2013 1:17:09 AM - Installed iTunes
.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - Video 2
???
Acer Backup Manager
Acer Device Fast-lane
Acer Instant Update Service
Acer Power Management
Acer Recovery Management
AcerCloud
AcerCloud Docs
Adobe AIR
Aeria Ignite
Agatha Christie - Death on the Nile
Akamai NetSession Interface
Aloha TriPeaks
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Backup Manager v4
Bamboo Dock
Bejeweled 3
Bonjour
Camtasia Studio 8
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chatango Message Catcher
Cheat Engine 6.3
clear.fi Media
clear.fi Photo
Clownfish for Skype
Cradle Of Egypt Collector's Edition
Creative Vado HD Codec
CyberLink MediaEspresso 6.5
Delicious: Emily's True Love Premium Edition
Dolby Home Theater v4
Dora's World Adventure
Dritek Radio Controller
eBay Worldwide
Eden Eternal
ETDWare PS/2-X64 11.6.16.003_WHQL
foobar2000 v1.2.9
Garry's Mod
GIMP 2.8.6
Google Chrome
Google Update Helper
Gyazo 1.2
Identity Card
iTunes
Java 7 Update 25
Java Auto Updater
Jewel Match 3
La Tale
LAME v3.99.3 (for Windows)
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Internet Security Suite
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mystery P.I. - Curious Case of Counterfeit Cove
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nexon Game Manager
Norton Online Backup
Norton Online Backup ARA
NTI Media Maker 9
Office Addin
OGPlanet Game Launcher
Open Broadcaster Software
Pando Media Booster
Peggle Nights
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
QuickTime
RaidCall
Razer Game Booster
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
ROBLOX Player for Cyn
Search Protection
Shared C Run-time for x64
Shredder
Skype™ 6.6
Spotify
Steam
Tales of Lagoona
TeamViewer 8
Terraria
The Sims™ 3
The Sims™ 3 University Life
Update Installer for WildTangent Games App
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.0.7
WildTangent Games
WildTangent Games App
Windows 8 Codec Pack 2.0.1
WinRAR 4.20 (32-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/18/2013 3:00:49 AM, Error: Service Control Manager [7031]  - The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
8/18/2013 2:35:07 AM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
8/15/2013 11:38:13 AM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/15/2013 11:38:13 AM, Error: Service Control Manager [7031]  - The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 10:40:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
8/14/2013 10:40:18 PM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
MB Scan Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.17.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Cyn :: DEST [administrator]
 
Protection: Enabled
 
8/18/2013 2:48:42 AM
MBAM-log-2013-08-18 (02-57-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222939
Time elapsed: 8 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 


Hello Dest and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-08-2013 01

Ran by Cyn at 2013-08-18 08:19:21

Running from C:\Users\Cyn\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

   

 clear.fi SDK - Video 2 (x32 Version: 2.1.2128)

 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112)

Acer Backup Manager (x32 Version: 4.0.0.0071)

Acer Device Fast-lane (Version: 1.00.3011)

Acer Instant Update Service (Version: 1.00.3013)

Acer Power Management (Version: 7.00.3011)

Acer Recovery Management (Version: 6.00.3012)

AcerCloud (x32 Version: 2.01.3125)

AcerCloud Docs (x32 Version: 1.00.3204)

Adobe AIR (x32 Version: 3.8.0.870)

Aeria Ignite (x32 Version: 1.13.3296)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)

Akamai NetSession Interface (HKCU)

Aloha TriPeaks (x32 Version: 2.2.0.98)

AMD Accelerated Video Transcoding (Version: 12.5.100.20918)

AMD APP SDK Runtime (Version: 10.0.938.2)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AMD Quick Stream (Version: 3.3.26.0)

AMD VISION Engine Control Center (x32 Version: 2012.0918.260.3365)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Audacity 2.0.3 (x32 Version: 2.0.3)

Backup Manager v4 (x32 Version: 4.0.0.0071)

Bamboo Dock (x32 Version: 4.1)

Bamboo Dock (x32 Version: 4.1.0)

Bejeweled 3 (x32 Version: 2.2.0.98)

Bonjour (Version: 3.0.0.10)

Camtasia Studio 8 (x32 Version: 8.1.2.1327)

Castle Crashers (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365)

Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365)

Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365)

CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365)

CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365)

CCC Help Czech (x32 Version: 2012.0918.0259.3365)

CCC Help Danish (x32 Version: 2012.0918.0259.3365)

CCC Help Dutch (x32 Version: 2012.0918.0259.3365)

CCC Help English (x32 Version: 2012.0918.0259.3365)

CCC Help Finnish (x32 Version: 2012.0918.0259.3365)

CCC Help French (x32 Version: 2012.0918.0259.3365)

CCC Help German (x32 Version: 2012.0918.0259.3365)

CCC Help Greek (x32 Version: 2012.0918.0259.3365)

CCC Help Hungarian (x32 Version: 2012.0918.0259.3365)

CCC Help Italian (x32 Version: 2012.0918.0259.3365)

CCC Help Japanese (x32 Version: 2012.0918.0259.3365)

CCC Help Korean (x32 Version: 2012.0918.0259.3365)

CCC Help Norwegian (x32 Version: 2012.0918.0259.3365)

CCC Help Polish (x32 Version: 2012.0918.0259.3365)

CCC Help Portuguese (x32 Version: 2012.0918.0259.3365)

CCC Help Russian (x32 Version: 2012.0918.0259.3365)

CCC Help Spanish (x32 Version: 2012.0918.0259.3365)

CCC Help Swedish (x32 Version: 2012.0918.0259.3365)

CCC Help Thai (x32 Version: 2012.0918.0259.3365)

CCC Help Turkish (x32 Version: 2012.0918.0259.3365)

ccc-utility64 (Version: 2012.0918.260.3365)

Chatango Message Catcher (x32)

Cheat Engine 6.3 (x32)

clear.fi Media (x32 Version: 2.01.3112)

clear.fi Photo (x32 Version: 2.01.3109)

Clownfish for Skype (x32)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)

Creative Vado HD Codec (x32 Version: 1.0.0.1)

Creative Vado HD Codec (x32)

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364)

Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)

Dolby Home Theater v4 (x32 Version: 7.2.8000.13)

Dora's World Adventure (x32 Version: 2.2.0.95)

Dritek Radio Controller (x32 Version: 2.02.2001.0803)

eaner (Version: 4.04)

eBay Worldwide (x32 Version: 2.3.0630)

Eden Eternal (x32)

ETDWare PS/2-X64 11.6.16.003_WHQL (Version: 11.6.16.003)

foobar2000 v1.2.9 (x32 Version: 1.2.9)

Garry's Mod (x32)

GIMP 2.8.6 (Version: 2.8.6)

Google Chrome (x32 Version: 28.0.1500.95)

Google Update Helper (x32 Version: 1.3.21.153)

Gyazo 1.2 (x32)

Identity Card (x32 Version: 2.00.3004)

iTunes (Version: 11.0.4.4)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Jewel Match 3 (x32 Version: 2.2.0.98)

La Tale (x32)

LAME v3.99.3 (for Windows) (x32)

Launch Manager (x32 Version: 7.0.10)

Live Updater (x32 Version: 2.00.3006)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

McAfee Internet Security Suite (x32 Version: 11.6.511)

Microsoft Office (x32 Version: 15.0.4420.1017)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)

MyWinLocker (Version: 4.0.14.35)

MyWinLocker 4 (x32 Version: 4.0.14.35)

MyWinLocker Suite (x32 Version: 4.0.14.24)

Nexon Game Manager (x32)

Norton Online Backup (x32 Version: 2.2.3.51)

Norton Online Backup ARA (x32 Version: 4.1.0.14)

NTI Media Maker 9 (x32 Version: 9.0.2.9014)

Office Addin (x32 Version: 2.01.3202)

OGPlanet Game Launcher (x32 Version: 1.0.0)

Open Broadcaster Software (x32)

Pando Media Booster (x32 Version: 2.6.0.9)

Peggle Nights (x32 Version: 2.2.0.98)

Penguins! (x32 Version: 2.2.0.98)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)

Polar Bowler (x32 Version: 2.2.0.97)

Polar Golfer (x32 Version: 2.2.0.98)

Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.12)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41)

QuickTime (x32 Version: 7.74.80.86)

RaidCall (x32 Version: 7.2.6-1.0.8500.17)

Razer Game Booster (x32 Version: 3.7)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)

Realtek PCIE Card Reader (x32 Version: 6.2.9200.28127)

ROBLOX Player for Cyn (HKCU)

Search Protection (HKCU Version: 7.3.0.3)

Shared C Run-time for x64 (Version: 10.0.0)

Shredder (Version: 2.0.8.9)

Shredder (x32 Version: 2.0.8.9)

Skype™ 6.6 (x32 Version: 6.6.106)

Spotify (x32 Version: 0.8.4.99.ga249b5f1)

Steam (x32 Version: 1.0.0.0)

Tales of Lagoona (x32 Version: 2.2.0.110)

TeamViewer 8 (x32 Version: 8.0.20202)

Terraria (x32)

The Sims™ 3 (x32 Version: 1.50.56)

The Sims™ 3 University Life (x32 Version: 18.0.126)

Update Installer for WildTangent Games App (x32)

Visual Studio 2005 Tools for Office Second Edition Runtime (x32)

Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729)

Visual Studio Tools for the Office system 3.0 Runtime (x32)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1)

VLC media player 2.0.7 (x32 Version: 2.0.7)

WildTangent Games (x32 Version: 1.0.3.0)

WildTangent Games App (x32 Version: 4.0.10.20)

Windows 8 Codec Pack 2.0.1 (x32 Version: 2.0.1)

WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)

Zuma's Revenge (x32 Version: 2.2.0.98)

엘소드 (x32)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0AA897FE-451D-4612-87FB-41470E4462D8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)

Task: {0C5A41CB-940C-4A56-B189-CA406D7B5B17} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()

Task: {0FBBAF4E-310B-4A2F-B0FB-5852D59DD551} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {0FF50BE8-DD19-4C06-9045-4D20A1C97CF3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)

Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical

Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)

Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents

Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance

Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)

Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh

Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks

Task: {2EE6897E-723E-43E5-89F6-916352AD9757} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()

Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update

Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator

Task: {3A27D1E5-029F-45D2-9C29-4157E465E2CD} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()

Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask

Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance

Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage

Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)

Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon

Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance

Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required

Task: {5C7C16F5-B3BE-4201-B64A-6FA0A22A5D9A} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2091894794-885556272-4137020233-500

Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)

Task: {6A5A1F4A-647F-45E1-8C52-7C62F3076ED4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect

Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-19] (Microsoft Corporation)

Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319

Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update

Task: {74C4B89B-2E24-44BC-B699-F5A9180B0803} - System32\Tasks\{D44CD74C-4FAA-44D1-8D91-D40AAEF935B5} => c:\program files\internet explorer\iexplore.exe [2013-07-25] (Microsoft Corporation)

Task: {7674C687-917C-4CCF-8D7D-A37B1C7D82CC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall

Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance

Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance

Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)

Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses

Task: {92542EEC-F023-469E-9A2D-486410901256} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall

Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime

Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64

Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)

Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask

Task: {AA14D8D6-228D-4468-8391-33E76E8C615F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()

Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh

Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask

Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask

Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan

Task: {B742B243-7833-4689-97F4-0DAA0EC4DE14} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup

Task: {B7AF6623-DFFD-40DC-8AE9-6FAA757587A8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)

Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific

Task: {C02E30A3-5D26-4545-AB62-408E0ADB2DA3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)

Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan

Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender

Task: {C5B50346-C15A-45D2-B42C-1C97290EF40A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)

Task: {CCDA4CDF-FC40-45D8-ACCD-B4C9DF785D85} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2091894794-885556272-4137020233-1001

Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork

Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical

Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery

Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

Task: {E7005FF4-7F07-4E7D-B12A-FD3878B983F5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] ()

Task: {E84C3A71-EF2A-4A64-828A-B099CD8E4167} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-11] (Google Inc.)

Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-19] (Microsoft Corporation)

Task: {EB24C5C8-1622-41A7-9F20-6BDD8E755480} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)

Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5658609

 

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5658609

 

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2964

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2964

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1576

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1576

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 03:00:40 AM) (Source: Application Error) (User: )

Description: Faulting application name: TeamViewer_Service.exe, version: 8.0.20202.0, time stamp: 0x52021603

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x30203831

Faulting process id: 0x99c

Faulting application start time: 0xTeamViewer_Service.exe0

Faulting application path: TeamViewer_Service.exe1

Faulting module path: TeamViewer_Service.exe2

Report Id: TeamViewer_Service.exe3

Faulting package full name: TeamViewer_Service.exe4

Faulting package-relative application ID: TeamViewer_Service.exe5

 

 

System errors:

=============

Error: (08/18/2013 03:00:49 AM) (Source: Service Control Manager) (User: )

Description: The TeamViewer 8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

 

Error: (08/18/2013 02:35:07 AM) (Source: Service Control Manager) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (08/16/2013 01:13:09 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 12:47:45 AM on 8/16/2013 was unexpected.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2013 11:38:13 AM) (Source: Service Control Manager) (User: )

Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5658609

 

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5658609

 

Error: (08/18/2013 07:09:26 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2964

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2964

 

Error: (08/18/2013 05:35:10 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1576

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1576

 

Error: (08/18/2013 05:35:09 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/18/2013 03:00:40 AM) (Source: Application Error)(User: )

Description: TeamViewer_Service.exe8.0.20202.052021603unknown0.0.0.000000000c00000053020383199c01ce9bf72a9dff45C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeunknown095f94ee-07ed-11e3-be84-f4b7e2134eb0

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-08-18 02:41:26.385

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-16 01:12:48.438

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-15 03:15:01.707

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-14 23:02:37.393

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-14 02:47:53.009

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-11 22:32:44.190

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-10 01:00:35.033

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-08 23:56:55.250

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-08 22:31:11.330

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-08 01:44:03.834

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 40%

Total physical RAM: 5578.25 MB

Available physical RAM: 3320.92 MB

Total Pagefile: 11210.25 MB

Available Pagefile: 8300.37 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:682.19 GB) (Free:592.23 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 699 GB) (Disk ID: 9CDE34E7)

 

Partition: GPT Partition Type

==================== End Of Log ============================

FRST is attached because it was too long

 

FRST.txt


Step 1

Please uninstall this application: Search Protection

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the quote box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory as FRST.exe.

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com <===== ATTENTION!

2013-07-20 09:53 - 2013-08-18 02:32 - 00000000 ____D C:\Users\Cyn\AppData\Roaming\uTorrent

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • FRST log

FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-08-2013 01

Ran by Cyn at 2013-08-18 09:14:07 Run:1

Running from C:\Users\Cyn\Desktop\New folder

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com <===== ATTENTION!

2013-07-20 09:53 - 2013-08-18 02:32 - 00000000 ____D C:\Users\Cyn\AppData\Roaming\uTorrent

*****************

 

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value.

C:\Users\Cyn\AppData\Roaming\uTorrent => Moved successfully.

 

==== End of Fixlog ====

AdwCleaner:


***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\boost_interprocess

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\Cyn\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [283 octets] - [18/08/2013 09:06:51]

AdwCleaner[s2].txt - [734 octets] - [18/08/2013 09:07:11]

 

########## EOF - C:\AdwCleaner[s2].txt - [793 octets] ##########

 

JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.9 (08.17.2013:3)

OS: Windows 8 x64

Ran by Cyn on Sun 08/18/2013 at  8:53:08.94

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 08/18/2013 at  9:02:25.99

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



I did do everything step by step, and for the FRST log do I put the file name as fixlist?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-08-2013 01
Ran by Cyn at 2013-08-18 09:59:33 Run:3
Running from C:\Users\Cyn\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com <===== ATTENTION!
2013-07-20 09:53 - 2013-08-18 02:32 - 00000000 ____D C:\Users\Cyn\AppData\Roaming\uTorrent
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value.
"C:\Users\Cyn\AppData\Roaming\uTorrent" => File/Directory not found.
 
==== End of Fixlog ====
This looks the same as the other one.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-08-2013 01

Ran by Cyn at 2013-08-18 21:57:47 Run:4
Running from C:\Users\Cyn\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com <===== ATTENTION!
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Error setting value.
 
==== End of Fixlog ====
Did I do it wrong again?

No, you didn't. Don't worry. We will find another way.

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

System Log:

Malwarebytes Anti-Rootkit BETA 1.06.1.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.2.9200 Windows 8 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16660

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.896000 GHz

Memory total: 5849223168, free: 3741106176

 

Downloaded database version: v2013.08.19.04

Initializing...

------------ Kernel report ------------

     08/19/2013 10:15:11

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\dqyHTmUR.sys

\SystemRoot\System32\drivers\NETIO.SYS

\SystemRoot\System32\drivers\NDIS.SYS

\SystemRoot\System32\drivers\TDI.SYS

\SystemRoot\System32\drivers\FLTMGR.SYS

\SystemRoot\System32\drivers\storahci.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\EhStorClass.sys

\SystemRoot\System32\drivers\fileinfo.sys

\SystemRoot\System32\drivers\WRkrn.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wfplwfs.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\System32\drivers\wd.sys

\SystemRoot\System32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\disk.sys

\SystemRoot\System32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\drivers\cdrom.sys

\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys

\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\BasicRender.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\System32\drivers\BasicDisplay.sys

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\drivers\npsvctrig.sys

\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys

\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys

\SystemRoot\System32\drivers\mssmbios.sys

\??\C:\Program Files\McAfee\AppStats\MfeASKM.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\System32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\kdnic.sys

\SystemRoot\System32\drivers\umbus.sys

\SystemRoot\System32\drivers\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\L1C63x64.sys

\SystemRoot\system32\DRIVERS\athw8x.sys

\SystemRoot\System32\drivers\vwifibus.sys

\SystemRoot\system32\DRIVERS\RtsPStor.sys

\SystemRoot\System32\drivers\USBXHCI.SYS

\SystemRoot\System32\drivers\ucx01000.sys

\??\C:\Windows\system32\drivers\UBHelper.sys

\??\C:\Windows\system32\drivers\NTIDrvr.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\drivers\usbohci.sys

\SystemRoot\System32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\System32\drivers\usbehci.sys

\SystemRoot\System32\drivers\i8042prt.sys

\SystemRoot\System32\drivers\aPs2Kb2Hid.sys

\SystemRoot\System32\drivers\HIDCLASS.SYS

\SystemRoot\System32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\ETD.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\drivers\mouclass.sys

\SystemRoot\System32\drivers\CmBatt.sys

\SystemRoot\System32\drivers\BATTC.SYS

\SystemRoot\System32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\System32\drivers\swenum.sys

\SystemRoot\System32\drivers\ks.sys

\SystemRoot\System32\drivers\btath_bus.sys

\SystemRoot\System32\drivers\rdpbus.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\drivers\usbhub.sys

\SystemRoot\System32\drivers\USBD.SYS

\SystemRoot\System32\drivers\kbdhid.sys

\SystemRoot\System32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\AtihdW86.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\drivers\UsbHub3.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\drivers\mfefirek.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_storahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\drivers\hidusb.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\drivers\mouhid.sys

\SystemRoot\system32\DRIVERS\BthLEEnum.sys

\SystemRoot\System32\drivers\rfcomm.sys

\SystemRoot\System32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\System32\drivers\btath_rcp.sys

\SystemRoot\system32\drivers\btath_avdt.sys

\SystemRoot\system32\drivers\btath_a2dp.sys

\SystemRoot\System32\drivers\btath_hcrp.sys

\SystemRoot\system32\DRIVERS\btath_flt.sys

\SystemRoot\system32\DRIVERS\btath_lwflt.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\appexDrv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\Ndu.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\cfwids.sys

\SystemRoot\System32\drivers\condrv.sys

\??\C:\Windows\SysWOW64\Drivers\X6va012

\SystemRoot\system32\drivers\mfeapfk.sys

\SystemRoot\System32\drivers\monitor.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006c81060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\00000037\

Lower Device Object: 0xfffffa800642f1f0

Lower Device Driver Name: \Driver\storahci\

<<<2>>>

Device number: 0, partition: 4

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006c81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006c81b10, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c81060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xfffffa800642f1f0, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 4

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 4

Partition type: GUID

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 9CDE34E7

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 4261539070

    GPT Header CurrentLba = 1 BackupLba 1465149167

    GPT Header FirstUsableLba 34  LastUsableLba 1465149134

    GPT Header Guid 1fb4cd75-51fe-44d2-bbb6-c3c43bf63451

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 4261539070

    Backup GPT header CurrentLba = 1465149167 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134

    Backup GPT header Guid 1fb4cd75-51fe-44d2-bbb6-c3c43bf63451

    Backup GPT header Contains 128 partition entries starting at LBA 1465149135

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID cb2d934c-ccb6-44dd-96a0-42814610cdb5

    FirstLBA 2048  Last LBA 821247

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID 61d5168c-ad1d-4e3e-973e-f260f7276bbc

    FirstLBA 821248  Last LBA 1435647

    Attributes 0

    Partition Name                 EFI system partition

 

    GPT Partition 1 is bootable

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID b3d485af-86f7-469c-96f9-f142e52b55a8

    FirstLBA 1435648  Last LBA 1697791

    Attributes 0

    Partition Name         Microsoft reserved partition

 

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID beed9ade-ff7e-4430-a81b-156166ba35e

    FirstLBA 1697792  Last LBA 1432356863

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 8622f2c5-36f6-4580-b372-a2adaa8e64ad

    FirstLBA 1432356864  Last LBA 1465147391

    Attributes 1

    Partition Name                 Basic data partition

 

Disk Size: 750156374016 bytes

Sector size: 512 bytes

 

Done!

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [PUM.UserWLoad]

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Ransom]

Scan finished

Creating System Restore point...

Cleaning up...

Removal successful. No system shutdown is required.

=======================================

 

 

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished


MBAR Log:

Malwarebytes Anti-Rootkit BETA 1.06.1.1005

www.malwarebytes.org

Database version: v2013.08.19.04

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16660

Cyn :: DEST [administrator]

8/19/2013 10:15:21 AM

mbar-log-2013-08-19 (10-15-21).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 257176

Time elapsed: 59 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> Delete on reboot.

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)


Now you should run the fixdamage.exe application, located in the same MBAR directory as mbar.exe. Clicking on fixdamage.exe will open the console application and request confirmation to apply any fixes to the operating system. Input “Y” to begin the fix. After the fix is complete, it will request you to restart the system again.

How are things now?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.