Jump to content

Can't Enable Malicious Website Blocking

randpcarriages
 Share

Recommended Posts

kevinf80

kevinf80

Posted
Posted

Start Malwarebytes, open "Protection" tab. The setting you require is there check the malicious website blocking....

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites
randpcarriages

randpcarriages

Posted
  • Author
Posted
Here is the log you requested. I know you have to check off the setting, but it will not let me select it 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Paul (administrator) on JORI on 04-10-2013 14:21:54

Running from C:\Users\Paul\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(AMD) C:\Windows\system32\atieclxx.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-02-22] (Adobe Systems Incorporated)

HKCU\...\Run: [googletalk] - C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-20] (Google)

HKCU\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

MountPoints2: {07a807fe-a396-11e1-b8e8-806e6f6e6963} - E:\start.exe

HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-21] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe

HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)

HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - "M:\PROGRAMS\iTunes\iTunesHelper.exe"

HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-05-29] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-04-12] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2285232 2013-08-28] ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dscrm.sandhills.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF91CE92103ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM - {4C66B40D-6131-40E4-94D8-1401C300FF56} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20121019133624294&tb_oid=19-10-2012&tb_mrud=19-10-2012

SearchScopes: HKLM-x32 - {4C66B40D-6131-40E4-94D8-1401C300FF56} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={DC707250-9A6A-4507-B7DE-ADE3C8F7A366}&mid=c120ff69061647d393eca9aaf34a31fc-af4cf4bfda81f739dbc54aa95c2f4cb7b15abd05〈=en&ds=dn011&pr=sa&d=2013-08-28 12:59:44&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 -  No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File

Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} https://dscrm.sandhills.com/sandhillscustom/scriptx/smsx.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\r4se36nj.default-1354122618701

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - M:\PROGRAMS\iTunes\Mozilla Plugins\npitunes.dll No File

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5

FF Extension: No Name - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5

 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1

CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Chrome In-App Payments service) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1

CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.4.0.5\avg.crx

 

==================== Services (Whitelisted) =================

 

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)

R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-08-28] (AVG Secure Search)

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\   \...\???\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-28] (AVG Technologies)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-04 14:21 - 2013-10-04 14:21 - 01954124 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe

2013-10-04 14:21 - 2013-10-04 14:21 - 00000000 ____D C:\FRST

2013-09-28 13:11 - 2013-09-28 13:11 - 00037315 _____ C:\Users\Paul\AppData\Local\recently-used.xbel

2013-09-28 10:28 - 2013-09-28 10:28 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 10:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-09-28 10:27 - 2013-09-28 10:28 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-28 09:49 - 2013-10-04 13:46 - 00021592 _____ C:\Users\Paul\Desktop\dds.txt

2013-09-28 09:49 - 2013-10-04 13:46 - 00010654 _____ C:\Users\Paul\Desktop\attach.txt

2013-09-28 09:48 - 2013-09-28 09:48 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com

2013-09-28 08:57 - 2013-09-28 08:57 - 00000000 ____D C:\Users\Paul\AppData\Local\Apps\2.0

2013-09-13 15:12 - 2013-09-13 15:12 - 00204208 _____ C:\Users\Paul\Downloads\voice-message (2).wav

2013-09-12 03:01 - 2013-07-31 09:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-12 03:01 - 2013-07-31 08:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-12 03:01 - 2013-07-31 08:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-12 03:01 - 2013-07-31 08:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-12 03:01 - 2013-07-31 08:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-12 03:01 - 2013-07-31 08:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-12 03:01 - 2013-07-31 08:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-12 03:01 - 2013-07-31 08:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-12 03:01 - 2013-07-31 08:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-12 03:01 - 2013-07-31 08:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-12 03:01 - 2013-07-31 08:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-12 03:01 - 2013-07-31 08:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-12 03:01 - 2013-07-31 08:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-12 03:01 - 2013-07-31 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-12 03:01 - 2013-07-31 08:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-12 03:01 - 2013-07-31 08:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-12 03:01 - 2013-07-31 05:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-12 03:01 - 2013-07-31 05:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-12 03:01 - 2013-07-31 05:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-12 03:01 - 2013-07-31 04:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-12 03:01 - 2013-07-31 04:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-09-12 03:01 - 2013-07-31 04:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-12 03:01 - 2013-07-31 04:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-09-12 03:01 - 2013-07-31 04:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-12 03:01 - 2013-07-31 04:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-12 03:01 - 2013-07-31 04:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-09-12 03:01 - 2013-07-31 04:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-09-12 03:01 - 2013-07-31 04:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-12 03:01 - 2013-07-31 04:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-12 03:01 - 2013-07-31 04:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-12 03:01 - 2013-07-31 04:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-09-12 03:01 - 2013-07-31 04:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-12 01:42 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-12 01:42 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-12 01:42 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-12 01:42 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-12 01:42 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-12 01:42 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-12 01:42 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-12 01:42 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-12 01:42 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-12 01:42 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-12 01:42 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-12 01:42 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-12 01:42 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-12 01:42 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-12 01:42 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-12 01:42 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-12 01:42 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-12 01:42 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-12 01:42 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-12 01:42 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-12 01:42 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-12 01:42 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-12 01:42 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-12 01:42 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-12 01:42 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-12 01:42 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-12 01:42 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-06 09:43 - 2013-09-06 09:43 - 00000000 ____D C:\Users\Paul\Desktop\500 pixels

2013-09-05 04:41 - 2013-09-05 04:41 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-09-04 16:05 - 2013-10-01 13:14 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-09-04 16:02 - 2013-10-04 14:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-04 16:02 - 2013-10-04 13:10 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-04 16:02 - 2013-09-04 16:07 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-09-04 16:02 - 2013-09-04 16:07 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-09-04 14:45 - 2013-09-04 14:45 - 00030720 _____ C:\Users\Paul\Downloads\interstate-price-list-2013 (1).xls

2013-09-04 14:42 - 2013-09-04 14:42 - 00030720 _____ C:\Users\Paul\Downloads\interstate-price-list-2013.xls

2013-09-04 11:07 - 2013-09-28 13:11 - 00000000 ____D C:\Users\Paul\AppData\Local\gtk-2.0

2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Users\Paul\.thumbnails

2013-09-04 10:58 - 2013-09-28 13:20 - 00000000 ____D C:\Users\Paul\.gimp-2.8

2013-09-04 10:58 - 2013-09-04 10:58 - 00000000 ____D C:\Users\Paul\AppData\Local\gegl-0.2

2013-09-04 10:58 - 2013-09-04 10:58 - 00000000 ____D C:\Program Files\GIMP 2

2013-09-04 10:54 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Paul\Desktop\eBay Edit

 

==================== One Month Modified Files and Folders =======

 

2013-10-04 14:21 - 2013-10-04 14:21 - 01954124 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe

2013-10-04 14:21 - 2013-10-04 14:21 - 00000000 ____D C:\FRST

2013-10-04 14:21 - 2012-10-18 12:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-04 14:12 - 2013-09-04 16:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-04 14:10 - 2012-05-21 17:18 - 00000000 ____D C:\ProgramData\PDFC

2013-10-04 13:46 - 2013-09-28 09:49 - 00021592 _____ C:\Users\Paul\Desktop\dds.txt

2013-10-04 13:46 - 2013-09-28 09:49 - 00010654 _____ C:\Users\Paul\Desktop\attach.txt

2013-10-04 13:18 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-04 13:18 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-04 13:14 - 2012-10-18 11:09 - 01705735 _____ C:\Windows\WindowsUpdate.log

2013-10-04 13:14 - 2009-07-14 00:13 - 00779534 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-04 13:10 - 2013-09-04 16:02 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-04 13:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-04 13:10 - 2009-07-13 23:51 - 00052358 _____ C:\Windows\setupact.log

2013-10-03 10:15 - 2012-10-22 12:23 - 00000000 ____D C:\Users\Paul\AppData\Roaming\SoftGrid Client

2013-10-02 08:12 - 2013-07-13 09:13 - 00001052 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk

2013-10-01 14:50 - 2012-10-26 15:00 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPaul

2013-10-01 14:50 - 2012-10-26 15:00 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForPaul.job

2013-10-01 13:14 - 2013-09-04 16:05 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-09-28 13:20 - 2013-09-04 10:58 - 00000000 ____D C:\Users\Paul\.gimp-2.8

2013-09-28 13:11 - 2013-09-28 13:11 - 00037315 _____ C:\Users\Paul\AppData\Local\recently-used.xbel

2013-09-28 13:11 - 2013-09-04 11:07 - 00000000 ____D C:\Users\Paul\AppData\Local\gtk-2.0

2013-09-28 10:28 - 2013-09-28 10:28 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-28 10:28 - 2013-09-28 10:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-28 10:28 - 2013-09-28 10:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-28 10:12 - 2012-10-23 08:27 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-09-28 09:48 - 2013-09-28 09:48 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com

2013-09-28 08:57 - 2013-09-28 08:57 - 00000000 ____D C:\Users\Paul\AppData\Local\Apps\2.0

2013-09-27 14:49 - 2013-04-05 14:24 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-09-27 14:49 - 2012-10-19 14:10 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-09-27 14:49 - 2012-10-19 14:08 - 00000000 ____D C:\Users\Paul\AppData\Roaming\HP Support Assistant

2013-09-27 14:49 - 2012-10-19 11:28 - 00000000 ____D C:\Users\Paul\AppData\Roaming\HpUpdate

2013-09-20 09:21 - 2012-12-11 23:21 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-20 09:21 - 2012-10-18 12:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-20 09:21 - 2012-10-18 12:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-20 09:21 - 2012-05-21 17:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-13 15:12 - 2013-09-13 15:12 - 00204208 _____ C:\Users\Paul\Downloads\voice-message (2).wav

2013-09-12 03:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-09-12 03:20 - 2012-10-18 11:14 - 00000000 ___RD C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-12 03:20 - 2012-10-18 11:14 - 00000000 ___RD C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-12 03:20 - 2009-07-13 23:45 - 05090336 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-12 03:03 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT

2013-09-12 03:03 - 2012-10-22 12:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-12 03:03 - 2011-02-11 12:15 - 00795738 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-12 03:02 - 2012-11-28 12:30 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-06 23:01 - 2010-11-20 22:47 - 00362420 _____ C:\Windows\PFRO.log

2013-09-06 09:43 - 2013-09-06 09:43 - 00000000 ____D C:\Users\Paul\Desktop\500 pixels

2013-09-05 17:11 - 2012-10-19 08:36 - 00000000 ____D C:\ProgramData\Sendori

2013-09-05 04:41 - 2013-09-05 04:41 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-09-04 16:39 - 2013-09-04 10:54 - 00000000 ____D C:\Users\Paul\Desktop\eBay Edit

2013-09-04 16:07 - 2013-09-04 16:02 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-09-04 16:07 - 2013-09-04 16:02 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-09-04 16:04 - 2012-10-18 11:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-09-04 16:02 - 2012-10-24 16:56 - 00000000 ____D C:\Program Files (x86)\Google

2013-09-04 14:45 - 2013-09-04 14:45 - 00030720 _____ C:\Users\Paul\Downloads\interstate-price-list-2013 (1).xls

2013-09-04 14:42 - 2013-09-04 14:42 - 00030720 _____ C:\Users\Paul\Downloads\interstate-price-list-2013.xls

2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Users\Paul\.thumbnails

2013-09-04 11:07 - 2012-10-18 11:09 - 00000000 ____D C:\Users\Paul

2013-09-04 11:05 - 2013-08-29 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-09-04 10:58 - 2013-09-04 10:58 - 00000000 ____D C:\Users\Paul\AppData\Local\gegl-0.2

2013-09-04 10:58 - 2013-09-04 10:58 - 00000000 ____D C:\Program Files\GIMP 2

 

Files to move or delete:

====================

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-10-01 00:25

 

==================== End Of Log ============================

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

You have ZeroAccess infection on your system, maybe that explains the problems you have.... You did not attach the second log from FRST.....

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

Run quick scan from Malwarebytes, post that log...

 

Kevin

fixlist.txt

Link to post
Share on other sites
randpcarriages

randpcarriages

Posted
  • Author
Posted
Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.04.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: JORI [administrator]

 

Protection: Enabled

 

10/4/2013 3:00:28 PM

mbam-log-2013-10-04 (15-00-28).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206106

Time elapsed: 4 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Delete the last fixlist.txt file I attached, we need to run the fix again.......

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Let me see the new log....

fixlist.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

mmm, that is the wrong fixlist.txt being used again, hence the Fix.log Not sure whats going on, I definitely upload the correct file....

 

OK we do this a different way, ensure you delete any files named fixlist.txt that I attached in my replies and you d/l..

 

Next,

 

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy. Then right click into open open notepad and select Paste. Save it on the flashdrive as fixlist.txt

startU2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\   \...\???\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)C:\Windows\system32\%APPDATA%C:\Program Files (x86)\Google\Desktop\InstallDeleteJunctionsIndirectory: C:\Program Files\Windows Defenderend

Run FRST and press the Fix button just once and wait.

The tool will make a log please post it to your reply.

Link to post
Share on other sites
randpcarriages

randpcarriages

Posted
  • Author
Posted
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by Paul at 2013-10-04 16:05:03 Run:4

Running from C:\Users\Paul\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\   \...\???\{6c58df74-89b7-c7eb-4f8e-3e9826fc07f9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Windows\system32\%APPDATA%

C:\Program Files (x86)\Google\Desktop\Install

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

end

*****************

 

*etadpug => Service deleted successfully.

C:\Windows\system32\%APPDATA% => Moved successfully.

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

==== End of Fixlog ====

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

That is much better, can you run the following one more time also;

 

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

If you still have the tool from last time just use that, no need to d/l again....

 

Next,

 

Check Malwarebytes for updates, run another quick scan...

 

Next,

 

Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Link to post
Share on other sites
randpcarriages

randpcarriages

Posted
  • Author
Posted
RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Paul [Admin rights]

Mode : Scan -- Date : 10/04/2013 16:22:45

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721010CLA630 SATA Disk Device +++++

--- User ---

[MBR] 43b9766c882391d4a6f4b95499bb76bb

[bSP] cb1f5dcdbb54387fd51fec9c421033e5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936612 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918388224 | Size: 17155 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] f9e15fd300c7418703c3fe3701985811

[bSP] d28eff7f63e6770ef2ace5edbefd2052 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

 

Finished : << RKreport[0]_S_10042013_162245.txt >>
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Ok we also have an MBR issue, do the following:

 

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  •      
  • Internet access
         
  • Windows Update
         
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.