
malwarebytes locking up during scan had pup.softonic



Hey guys, it started with PUP.Optional.Softonic etc. I ran Malwarebytes and it seemed to catch it, but when I run the script for a quick scan it goes through and doesn't catch anything; when I run a full scan it catches 7 things but then locks up about 2 min into it. Things have gotten worse: hard to get it to do much of anything, not responsive at all when not in safe mode, and even safe mode locks up sometimes.

 

This is a work computer; gotta get it back going again. THANKS!!

dds

 

attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/30/2011 9:06:01 AM
System Uptime: 11/11/2013 12:43:51 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0J4TFW
Processor: Intel® Core i7-2720QM CPU @ 2.20GHz | CPU 1 | 2195/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 315.513 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 6.218 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Controller
Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Manufacturer: Microsoft
Name: High Definition Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Service: HDAudBus
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
AccelerometerP11
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader XI (11.0.02)
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Article Marketing Robot
BioAPI Framework
Bonjour
BrowserSafeguard with RocketTab
Custom
CyberLink PowerDVD 9.5
Dell ControlVault Host Components Installer 64 bit
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell System Manager
Dell Touchpad
Dell Webcam Central
DellAccess
DirectX 9 Runtime
Dropbox
EMBASSY Security Center
f.lux
Gemalto
GetDiz
Google Talk Plugin
GoToMeeting 5.4.0.1083
Intel® Processor Graphics
iTunes
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Kudos Chat Search Agent
Kudos Chat Search v2
LG United Mobile Driver
Live! Cam Avatar Creator
LogoMaker 3.0
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
mIRC
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NTRU TCG Software Stack
NVIDIA 3D Vision Driver 268.83
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Optimus 1.0.23
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
ozTitleGenerator
PC-CCID
PDF Settings CS5
PhotoShowExpress
Preboot Manager
Private Information Manager
RBVirtualFolder64Inst
RoboForm 7-7-4 (All Users)
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SEO PowerSuite
Skype Click to Call
Skype™ 6.10
Sonic CinePlayer Decoder Pack
SPBA 5.9
TeamViewer 7
Trend Micro Client/Server Security Agent
Trusted Drive Manager
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Upek Touchchip Fingerprint Reader
VLC media player 1.1.11
Wave Infrastructure Installer
Wave Support Software Installer
Wicked Article Creator 2.7.0.0
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.01 (64-bit)
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
11/11/2013 9:40:14 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/11/2013 9:33:00 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/11/2013 12:48:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/11/2013 12:44:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/11/2013 12:44:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/11/2013 12:44:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/11/2013 12:44:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/11/2013 12:44:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047}
11/11/2013 12:44:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr tmtdi Wanarpv6
11/11/2013 12:44:15 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:44:14 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
11/11/2013 12:43:06 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/11/2013 12:25:03 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk.
11/11/2013 12:25:03 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/11/2013 12:22:42 PM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/11/2013 12:22:42 PM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/11/2013 12:22:42 PM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
11/11/2013 12:22:42 PM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
11/11/2013 12:22:41 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The operation completed successfully.
11/11/2013 12:10:12 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:10:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/11/2013 12:10:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/11/2013 12:09:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 12:09:39 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

------------------------ dds.txt----------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.21.2
Run by Matt at 12:47:55 on 2013-11-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8073.7228 [GMT -5:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:49267;https=127.0.0.1:49267
uProxyOverride = <-loopback>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Kudos Chat Search] C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [f.lux] "C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[s2].txt
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\14454583435353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\341666563333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\54E434F42554934434534443 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\84E2D4E235E20265963647F62797 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\C4964747C65602D4963737024556373716 : DHCPNameServer = 172.16.12.1
TCP: Interfaces\{76C3DFE0-5580-49AA-8DA3-57425CD1028A}\D41647479723 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD275379-40AE-4E0D-94E5-2ED7A0734DEA} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\

FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\Citrix\Plugins\79\npappdetector.dll
FF - plugin: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-26 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-26 21616]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-11-8 196688]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-26 27760]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\o2mdrxpx64.sys [2011-9-26 74400]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjxpx64.sys [2011-9-26 83560]
S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimi~1\OptProCrash.exe" --> c:\progra~2\optimi~1\OptProCrash.exe [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-26 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-1-20 517488]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-27 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-1 701512]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-22 2848168]
S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-3-24 310032]
S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-3-24 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-11-8 338000]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-10-26 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-10-26 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-10-26 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-10-26 34304]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-26 172704]
S3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-9-26 38440]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-26 158976]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-27 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-26 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-26 181248]
S3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;C:\Windows\System32\drivers\nwdelgobi3kfilter.sys [2011-9-26 34304]
S3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\nwdelserial.sys [2011-9-26 234112]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-9-26 72808]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-30 1255736]
S4 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-4-7 50704]
S4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2010-7-21 596032]
S4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-7-21 917840]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.TextFile=C:\Program Files (x86)\GetDiz\GetDiz.exe "%1"
FileExt: .ini: GetDiz.IniFile=C:\Program Files (x86)\GetDiz\GetDiz.exe "%1"
.
=============== Created Last 30 ================
.
2013-11-11 15:27:12    --------    d-----w-    C:\AdwCleaner
2013-11-11 15:12:34    --------    d-----w-    C:\Users\Matt\AppData\Local\BrowserSafeguard
2013-11-11 14:42:26    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-11 14:32:58    98816    ----a-w-    C:\Windows\sed.exe
2013-11-11 14:32:58    256000    ----a-w-    C:\Windows\PEV.exe
2013-11-11 14:32:58    208896    ----a-w-    C:\Windows\MBR.exe
2013-10-18 10:06:25    --------    d-----w-    C:\Users\Matt\AppData\Local\FluxSoftware
.
==================== Find3M  ====================
.
2013-10-10 14:32:05    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 14:32:05    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-30 15:12:51    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-20 11:02:14    708168    ----a-w-    C:\Windows\System32\WinUSBCoInstaller.dll
2013-08-20 11:02:14    1490656    ----a-w-    C:\Windows\System32\WdfCoInstaller01007.dll
2013-08-20 11:02:12    204568    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-08-20 11:02:12    103576    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
.
============= FINISH: 12:48:48.40 ===============

malwarebytes: 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.11.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
Matt :: MININT-AH1V0P8 [administrator]

11/11/2013 12:51:56 PM
mbam-log-2013-11-11 (12-51-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231507
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
==== End Of File ===========================

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.7.7 _x64_ [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Matt [Admin rights]
Mode : Scan -- Date : 11/11/2013 16:48:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][x][x]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49267;hxxps=127.0.0.1:49267 [Country: , City: ]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] 5dgmrkma.default : user_pref("network.proxy.hxxp", "173.213.90.71"); -> FOUND
[FF][PROXY] 5dgmrkma.default : user_pref("network.proxy.hxxp_port", 55555); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST9500423AS +++++
--- User ---
[MBR] 499a037b06e6d4eb68ad855b6217ef50
[BSP] 1a2470e630d31ecd478bb15bf9633fd3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 462937 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948097024 | Size: 13992 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11112013_164833.txt >>
RKreport[0]_S_11112013_164731.txt



THANK YOU SIR !!!


If "Trend Micro Client/Server Security Agent Antivirus" is your anti-virus, please permanently disable Windows Defender.

Running 2 anti-virus programs only causes conflicts and spotty protection:

How to Disable Defender

Dangers of running 2 anti-virus programs

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Did you set this proxy:

uProxyServer = hxxp=127.0.0.1:49267;https=127.0.0.1:49267

uProxyOverride = <-loopback>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's run some scans.........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Ran fixdamage - said it fixed a few things, but still hanging when I try to go back and run anti-rootkit; definitely something there. When I try

and start up without safe mode the computer still acts up - can't really do anything, desktop pops up but I just can't do anything or click on it.....


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":


Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I disabled Windows Defender several times; it seems to still say it is enabled - ANYWAY here is ComboFix:

ComboFix 13-11-11.01 - Matt 11/12/2013   9:45.7.8 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8073.7068 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-12 14:51 . 2013-11-12 14:51    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-11-12 14:51 . 2013-11-12 14:51    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-12 14:51 . 2013-11-12 14:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-11 23:07 . 2013-11-11 23:48    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-11 23:07 . 2013-11-11 23:47    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-11 23:05 . 2013-11-11 23:05    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-11 19:29 . 2013-11-11 19:29    --------    d-----w-    c:\windows\ERUNT
2013-11-11 15:27 . 2013-11-11 19:24    --------    d-----w-    C:\AdwCleaner
2013-10-18 10:06 . 2013-10-18 10:06    --------    d-----w-    c:\users\Matt\AppData\Local\FluxSoftware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 14:32 . 2011-10-01 00:26    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-30 15:14 . 2013-09-30 15:14    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-09-30 15:14 . 2013-09-30 15:14    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-30 15:14 . 2013-09-30 15:14    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-09-30 15:14 . 2013-09-30 15:14    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-09-30 15:14 . 2013-09-30 15:14    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-09-30 15:14 . 2013-09-30 15:14    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-09-30 15:14 . 2013-09-30 15:14    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-09-30 15:14 . 2013-09-30 15:14    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-09-30 15:14 . 2013-09-30 15:14    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-09-30 15:14 . 2013-09-30 15:14    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-09-30 15:14 . 2013-09-30 15:14    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-09-30 15:14 . 2013-09-30 15:14    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-09-30 15:14 . 2013-09-30 15:14    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-09-30 15:14 . 2013-09-30 15:14    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-09-30 15:14 . 2013-09-30 15:14    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-09-30 15:14 . 2013-09-30 15:14    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-09-30 15:14 . 2013-09-30 15:14    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-09-30 15:14 . 2013-09-30 15:14    2876928    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-09-30 15:14 . 2013-09-30 15:14    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-09-30 15:14 . 2013-09-30 15:14    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-09-30 15:14 . 2013-09-30 15:14    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-09-30 15:14 . 2013-09-30 15:14    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-09-30 15:14 . 2013-09-30 15:14    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-09-30 15:14 . 2013-09-30 15:14    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-09-30 15:14 . 2013-09-30 15:14    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-09-30 15:14 . 2013-09-30 15:14    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-09-30 15:14 . 2013-09-30 15:14    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-09-30 15:14 . 2013-09-30 15:14    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-09-30 15:14 . 2013-09-30 15:14    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-09-30 15:14 . 2013-09-30 15:14    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-30 15:14 . 2013-09-30 15:14    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-09-30 15:14 . 2013-09-30 15:14    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-30 15:14 . 2013-09-30 15:14    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-09-30 15:14 . 2013-09-30 15:14    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-09-30 15:14 . 2013-09-30 15:14    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-09-30 15:14 . 2013-09-30 15:14    441856    ----a-w-    c:\windows\system32\html.iec
2013-09-30 15:14 . 2013-09-30 15:14    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-09-30 15:14 . 2013-09-30 15:14    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-09-30 15:14 . 2013-09-30 15:14    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-30 15:14 . 2013-09-30 15:14    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-09-30 15:14 . 2013-09-30 15:14    2647040    ----a-w-    c:\windows\system32\iertutil.dll
2013-09-30 15:14 . 2013-09-30 15:14    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-09-30 15:14 . 2013-09-30 15:14    235008    ----a-w-    c:\windows\system32\url.dll
2013-09-30 15:14 . 2013-09-30 15:14    2241024    ----a-w-    c:\windows\system32\wininet.dll
2013-09-30 15:14 . 2013-09-30 15:14    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-09-30 15:14 . 2013-09-30 15:14    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-09-30 15:14 . 2013-09-30 15:14    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-09-30 15:14 . 2013-09-30 15:14    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-30 15:14 . 2013-09-30 15:14    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-09-30 15:14 . 2013-09-30 15:14    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-09-30 15:14 . 2013-09-30 15:14    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-09-30 15:14 . 2013-09-30 15:14    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-09-30 15:14 . 2013-09-30 15:14    19246592    ----a-w-    c:\windows\system32\mshtml.dll
2013-09-30 15:14 . 2013-09-30 15:14    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-09-30 15:14 . 2013-09-30 15:14    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-09-30 15:14 . 2013-09-30 15:14    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-09-30 15:14 . 2013-09-30 15:14    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-09-30 15:14 . 2013-09-30 15:14    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-09-30 15:14 . 2013-09-30 15:14    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-09-30 15:14 . 2013-09-30 15:14    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-09-30 15:14 . 2013-09-30 15:14    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-09-30 15:14 . 2013-09-30 15:14    3959296    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-30 15:14 . 2013-09-30 15:14    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-30 15:14 . 2013-09-30 15:14    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-30 15:14 . 2013-09-30 15:14    15404544    ----a-w-    c:\windows\system32\ieframe.dll
2013-09-30 15:14 . 2013-09-30 15:14    149504    ----a-w-    c:\windows\system32\occache.dll
2013-09-30 15:14 . 2013-09-30 15:14    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-09-30 15:14 . 2013-09-30 15:14    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-30 15:14 . 2013-09-30 15:14    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-09-30 15:14 . 2013-09-30 15:14    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-09-30 15:14 . 2013-09-30 15:14    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-09-30 15:12 . 2013-09-30 15:12    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-09-30 15:12 . 2013-09-30 15:12    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-09-30 15:12 . 2013-09-30 15:12    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-09-30 15:12 . 2013-09-30 15:12    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-09-30 15:12 . 2013-09-30 15:12    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-09-30 15:12 . 2013-09-30 15:12    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-09-30 15:12 . 2013-09-30 15:12    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-09-30 15:12 . 2013-09-30 15:12    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-09-30 15:12 . 2013-09-30 15:12    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-09-30 15:12 . 2013-09-30 15:12    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 15:12 . 2013-09-30 15:12    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-09-30 15:12 . 2013-09-30 15:12    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-09-30 15:12 . 2013-09-30 15:12    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kudos Chat Search"="c:\program files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe" [2012-02-27 5726200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"f.lux"="c:\users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [BU]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R4 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
R4 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxpx64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRxpx64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxpx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjxpx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 14:32]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17 14:35]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17 14:35]
.
2013-11-11 c:\windows\Tasks\Run RoboForm TaskBar Icon.job
- c:\program files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2011-10-01 20:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 419096]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 312936]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1692264]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49267;https=127.0.0.1:49267
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\
FF - prefs.js: network.proxy.http - 173.213.90.71
FF - prefs.js: network.proxy.http_port - 55555
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.txt=GetDiz.TextFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mbamchameleon
SafeBoot-MBAMSwissArmy
AddRemove-Browsersafeguard - c:\users\Matt\AppData\Local\BrowserSafeguard\uninstall.browsersafeguard.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-12  09:53:19
ComboFix-quarantined-files.txt  2013-11-12 14:53
ComboFix2.txt  2013-11-11 14:42
ComboFix3.txt  2013-04-28 18:23
ComboFix4.txt  2012-04-06 14:38
ComboFix5.txt  2013-11-12 14:44
.
Pre-Run: 338,650,128,384 bytes free
Post-Run: 338,610,315,264 bytes free
.
- - End Of File - - 7ADB634A577F8B18A12508376D6846F4
A36C5E4F47E84449FF07ED3517B43A31

THANK YOU SO MUCH

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

Cannot really get to this step - when I select change parameters and click on loaded modules and to reboot - it reboots but I am doing all this from safe mode, only way the computer works at all - regular mode gives some application.dll error for malwarebytes not from malwarebytes, as if malwarebytes is messed up and then loads desktop but you cannot click on anything at all. So - when it reboots I have to press F8 to get into safe mode but TDSSKiller is not starting back up automatically when I force it into safe mode after the reboot as instructed above - make sense?

Thank you

(you can do this in safe mode)

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Matt (administrator) on MININT-AH1V0P8 on 12-11-2013 12:00:22
Running from C:\Users\Matt\Desktop\dds
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-24] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM-x32\...\Runonce: [{67CCDC7F-81CC-45BA-98A0-72FB009A882A}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
HKLM-x32\...\Runonce: [{36B4841C-8700-4FB7-A6B9-B4B7FE320157}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [Kudos Chat Search] - C:\Program Files (x86)\KudosChatSearchAgent\KudosChatSearchAgent.exe [5726200 2012-02-27] (Kudos Knowledge)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [f.lux] - C:\Users\Matt\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49267;https=127.0.0.1:49267
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default

FF NetworkProxy: "http", "173.213.90.71"
FF NetworkProxy: "http_port", 55555
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Matt\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Matt\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: SeoQuake - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF Extension: Page Speed - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF Extension: firebug - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: historyblock - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\historyblock@kain.xpi
FF Extension: nasanightlaunch - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: pagerank - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\pagerank@any-tech.ws.xpi
FF Extension: toolbar - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\toolbar@sape.ru.xpi
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{0471d3b0-a403-11df-981c-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: fireftp - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: downbarconfig - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\5dgmrkma.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1836616 2011-02-18] (Trend Micro Inc.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-13] ()
S4 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] ()
S4 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2060896 2011-02-18] (Trend Micro Inc.)
S4 TmPfw; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [596032 2010-07-21] (Trend Micro Inc.)
S4 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917840 2010-07-21] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-11] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [116440 2013-11-11] (Malwarebytes Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2010-12-21] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2010-12-21] (Novatel Wireless Inc.)
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRxpx64.sys [74400 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjxpx64.sys [83560 2011-03-23] (O2Micro )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [310032 2011-03-24] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42768 2011-03-24] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [1988368 2011-03-24] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 nvkflt; system32\DRIVERS\nvkflt.sys [x]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 12:00 - 2013-11-12 12:00 - 00000000 ____D C:\FRST
2013-11-12 09:53 - 2013-11-12 09:53 - 00029768 _____ C:\ComboFix.txt
2013-11-12 09:40 - 2013-11-12 09:40 - 05145576 ____R (Swearware) C:\Users\Matt\Desktop\ComboFix.exe
2013-11-11 18:19 - 2013-11-11 18:46 - 00000000 ____D C:\Users\Matt\Desktop\mbar
2013-11-11 18:07 - 2013-11-11 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-11 18:07 - 2013-11-11 18:47 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-11 18:05 - 2013-11-11 18:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-11 16:48 - 2013-11-11 16:48 - 00002131 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164833.txt
2013-11-11 16:47 - 2013-11-11 16:47 - 00001161 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164731.txt
2013-11-11 14:31 - 2013-11-11 14:31 - 00002163 _____ C:\Users\Matt\Desktop\JRT.txt
2013-11-11 14:29 - 2013-11-11 14:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-11 14:28 - 2013-11-11 14:28 - 01034531 _____ (Thisisu) C:\Users\Matt\Desktop\JRT.exe
2013-11-11 14:00 - 2013-11-11 14:00 - 00004529 _____ C:\Users\Matt\Desktop\MBRCheck_11.11.13_14.00.21.txt
2013-11-11 13:31 - 2013-11-11 13:31 - 00000376 _____ C:\Windows\Tasks\Run RoboForm TaskBar Icon.job
2013-11-11 12:48 - 2013-11-11 12:48 - 00018611 _____ C:\Users\Matt\Desktop\dds.txt
2013-11-11 12:48 - 2013-11-11 12:48 - 00015534 _____ C:\Users\Matt\Desktop\attach.txt
2013-11-11 12:46 - 2013-11-11 12:46 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.scr
2013-11-11 12:20 - 2013-11-11 12:20 - 00002253 _____ C:\Users\Matt\Desktop\RKreport[4]_D_11112013_02d1220.txt
2013-11-11 12:19 - 2013-11-11 12:19 - 00003035 _____ C:\Users\Matt\Desktop\RKreport[3]_S_11112013_02d1219.txt
2013-11-11 11:56 - 2013-11-11 11:56 - 00006576 ____N C:\bootsqm.dat
2013-11-11 10:27 - 2013-11-11 14:24 - 00000000 ____D C:\AdwCleaner
2013-11-11 10:26 - 2013-11-11 10:27 - 01085542 _____ C:\Users\Matt\Desktop\AdwCleaner.exe
2013-11-11 10:16 - 2013-11-11 10:16 - 00000000 ____D C:\Users\Matt\Desktop\New folder (4)
2013-11-11 09:32 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-11 09:32 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-11 09:32 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-11 09:32 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-11 09:32 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-11 09:32 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-11 09:32 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-11 09:32 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-22 14:42 - 2013-10-22 14:42 - 00000000 ____D C:\Users\Matt\Downloads\The.Neverending.Story.1984.720p.BluRay.x264-MELiTE
2013-10-22 14:41 - 2013-10-22 14:43 - 00000000 ____D C:\Users\Matt\Downloads\The NeverEnding Story[1984]DvDrip[720x436]AC3[6ch][Eng]-RHooD
2013-10-21 11:31 - 2013-10-21 11:31 - 00054073 _____ C:\Users\Matt\Desktop\Tower Lease Broken link report for October 21, 2013.txt
2013-10-18 05:06 - 2013-10-18 05:06 - 00000000 ____D C:\Users\Matt\AppData\Local\FluxSoftware

==================== One Month Modified Files and Folders =======

2013-11-12 12:00 - 2013-11-12 12:00 - 00000000 ____D C:\FRST
2013-11-12 11:59 - 2012-12-29 17:40 - 00000000 ____D C:\Users\Matt\Desktop\dds
2013-11-12 10:30 - 2013-06-10 07:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 10:29 - 2012-07-19 15:09 - 00000000 ___RD C:\Users\Matt\Dropbox
2013-11-12 10:29 - 2012-07-19 15:05 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Dropbox
2013-11-12 10:28 - 2011-09-26 12:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 10:27 - 2010-11-20 22:47 - 00018878 _____ C:\Windows\PFRO.log
2013-11-12 10:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:27 - 2009-07-13 23:51 - 00081812 _____ C:\Windows\setupact.log
2013-11-12 10:24 - 2013-04-28 13:27 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Matt\Desktop\TDSSKiller.exe
2013-11-12 09:53 - 2013-11-12 09:53 - 00029768 _____ C:\ComboFix.txt
2013-11-12 09:53 - 2012-04-02 08:59 - 00000000 ____D C:\Qoobox
2013-11-12 09:53 - 2012-03-10 15:51 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\2.0
2013-11-12 09:51 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-11-12 09:40 - 2013-11-12 09:40 - 05145576 ____R (Swearware) C:\Users\Matt\Desktop\ComboFix.exe
2013-11-11 19:51 - 2011-10-01 13:06 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2013-11-11 19:50 - 2011-09-26 12:45 - 00000000 ____D C:\ProgramData\Sonic
2013-11-11 18:48 - 2013-11-11 18:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-11 18:47 - 2013-11-11 18:07 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-11 18:46 - 2013-11-11 18:19 - 00000000 ____D C:\Users\Matt\Desktop\mbar
2013-11-11 18:05 - 2013-11-11 18:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-11 16:48 - 2013-11-11 16:48 - 00002131 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164833.txt
2013-11-11 16:47 - 2013-11-11 16:47 - 00001161 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11112013_164731.txt
2013-11-11 16:47 - 2013-04-28 13:46 - 00000000 ____D C:\Users\Matt\Desktop\RK_Quarantine
2013-11-11 14:31 - 2013-11-11 14:31 - 00002163 _____ C:\Users\Matt\Desktop\JRT.txt
2013-11-11 14:29 - 2013-11-11 14:29 - 00000000 ____D C:\Windows\ERUNT
2013-11-11 14:28 - 2013-11-11 14:28 - 01034531 _____ (Thisisu) C:\Users\Matt\Desktop\JRT.exe
2013-11-11 14:24 - 2013-11-11 10:27 - 00000000 ____D C:\AdwCleaner
2013-11-11 14:00 - 2013-11-11 14:00 - 00004529 _____ C:\Users\Matt\Desktop\MBRCheck_11.11.13_14.00.21.txt
2013-11-11 13:31 - 2013-11-11 13:31 - 00000376 _____ C:\Windows\Tasks\Run RoboForm TaskBar Icon.job
2013-11-11 12:48 - 2013-11-11 12:48 - 00018611 _____ C:\Users\Matt\Desktop\dds.txt
2013-11-11 12:48 - 2013-11-11 12:48 - 00015534 _____ C:\Users\Matt\Desktop\attach.txt
2013-11-11 12:47 - 2011-09-30 21:55 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2013-11-11 12:46 - 2013-11-11 12:46 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.scr
2013-11-11 12:20 - 2013-11-11 12:20 - 00002253 _____ C:\Users\Matt\Desktop\RKreport[4]_D_11112013_02d1220.txt
2013-11-11 12:19 - 2013-11-11 12:19 - 00003035 _____ C:\Users\Matt\Desktop\RKreport[3]_S_11112013_02d1219.txt
2013-11-11 11:56 - 2013-11-11 11:56 - 00006576 ____N C:\bootsqm.dat
2013-11-11 10:33 - 2013-05-17 09:35 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA.job
2013-11-11 10:27 - 2013-11-11 10:26 - 01085542 _____ C:\Users\Matt\Desktop\AdwCleaner.exe
2013-11-11 10:20 - 2011-10-20 18:59 - 00000000 ____D C:\Users\Matt\Downloads\2011 5.0 pics
2013-11-11 10:16 - 2013-11-11 10:16 - 00000000 ____D C:\Users\Matt\Desktop\New folder (4)
2013-11-11 09:28 - 2013-04-28 13:10 - 04101100 _____ C:\Users\Matt\Desktop\tdsskiller.zip
2013-11-11 09:15 - 2009-07-14 00:13 - 00795040 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 08:36 - 2009-07-14 00:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-11 08:20 - 2011-09-26 14:08 - 02090457 _____ C:\Windows\WindowsUpdate.log
2013-11-10 20:31 - 2013-05-17 09:35 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core.job
2013-11-08 08:32 - 2011-09-30 17:26 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2013-11-07 08:20 - 2009-07-13 23:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 08:20 - 2009-07-13 23:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 10:59 - 2011-10-01 13:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 10:59 - 2011-10-01 13:06 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 10:56 - 2011-10-03 09:34 - 00000000 ____D C:\Users\Matt\AppData\Roaming\SoftGrid Client
2013-11-06 10:56 - 2011-10-02 12:22 - 00000000 ____D C:\Users\Matt\Downloads\Rank Tracker projects
2013-11-06 10:56 - 2011-10-02 12:20 - 00339984 _____ C:\Users\Matt\.ranktracker.properties
2013-11-06 10:56 - 2011-10-02 12:18 - 00000000 ____D C:\Users\Matt\.ranktracker
2013-11-06 10:56 - 2011-09-30 09:53 - 00001264 _____ C:\Windows\TMFilter.log
2013-11-06 10:56 - 2011-09-30 08:06 - 00000000 ____D C:\Users\Matt
2013-11-05 11:03 - 2013-04-18 15:44 - 00000000 ____D C:\Users\Matt\Documents\Techwood Consulting
2013-10-22 14:43 - 2013-10-22 14:41 - 00000000 ____D C:\Users\Matt\Downloads\The NeverEnding Story[1984]DvDrip[720x436]AC3[6ch][Eng]-RHooD
2013-10-22 14:42 - 2013-10-22 14:42 - 00000000 ____D C:\Users\Matt\Downloads\The.Neverending.Story.1984.720p.BluRay.x264-MELiTE
2013-10-21 11:31 - 2013-10-21 11:31 - 00054073 _____ C:\Users\Matt\Desktop\Tower Lease Broken link report for October 21, 2013.txt
2013-10-18 05:06 - 2013-10-18 05:06 - 00000000 ____D C:\Users\Matt\AppData\Local\FluxSoftware
2013-10-18 05:06 - 2012-01-30 14:17 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\F.lux

Some content of TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\{36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe
C:\Users\Matt\AppData\Local\Temp\{67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 05:52

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Matt at 2013-11-12 12:02:04
Running from C:\Users\Matt\Desktop\dds
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
AccelerometerP11 (x32 Version: 2.00.10.22)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
Article Marketing Robot (x32 Version: 1.1.072)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Custom (Version: 01.00.00.000)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159)
Dell Data Protection | Access (Version: 01.01.01.001)
Dell Data Protection | Access (x32 Version: 2.0.00001.001)
Dell Data Protection | Access | Drivers (x32 Version: 1.00.011)
Dell Data Protection | Access | Middleware (x32 Version: 1.00.005)
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 7.1208.101.116)
Dell Webcam Central (x32 Version: 1.40.05)
DellAccess (Version: 01.01.00.053)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
EMBASSY Security Center (Version: 04.03.00.067)
f.lux (HKCU)
Gemalto (Version: 01.64.01.0010)
GetDiz (x32 Version: 4.6)
Google Talk Plugin (x32 Version: 4.9.1.16010)
GoToMeeting 5.4.0.1083 (HKCU Version: 5.4.0.1083)
Intel® Processor Graphics (x32 Version: 8.15.10.2353)
iTunes (Version: 10.5.3.3)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kudos Chat Search Agent (x32 Version: 2.1)
Kudos Chat Search v2 (x32 Version: 2.2)
LG United Mobile Driver (x32 Version: 2.2)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
LogoMaker 3.0 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Market Samurai (x32 Version: 0.92.78)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
mIRC (x32 Version: 7.22)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Notepad++ (x32 Version: 6.2)
NTRU TCG Software Stack (Version: 2.1.34)
NVIDIA 3D Vision Driver 268.83 (Version: 268.83)
NVIDIA Control Panel 268.83 (Version: 268.83)
NVIDIA Graphics Driver 268.83 (Version: 268.83)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6883)
NVIDIA Update Components (Version: 1.0.23)
ozTitleGenerator (HKCU Version: 1.1.0.12)
PC-CCID (Version: 2.0.0)
PDF Settings CS5 (x32 Version: 10.0)
PhotoShowExpress (x32 Version: 2.0.063)
Preboot Manager (Version: 03.03.00.049)
Private Information Manager (Version: 07.01.00.007)
RBVirtualFolder64Inst (Version: 1.00.0000)
RoboForm 7-7-4 (All Users) (x32 Version: 7-7-4)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
SEO PowerSuite (x32)
Skype Click to Call (x32 Version: 6.9.12585)
Skype™ 6.10 (x32 Version: 6.10.104)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SPBA 5.9 (Version: 5.9.4.6686)
TeamViewer 7 (x32 Version: 7.0.15723)
Trend Micro Client/Server Security Agent (x32 Version: 3.5.1163)
Trusted Drive Manager (Version: 4.0.5.8)
TurboTax 2011 (x32)
TurboTax 2011 wgaiper (x32 Version: 011.000.1699)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Wave Infrastructure Installer (Version: 07.66.40.0008)
Wave Support Software Installer (Version: 05.13.00.014)
Wicked Article Creator 2.7.0.0 (x32)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinZip 16.0 (Version: 16.0.9661)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-12 09:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0017F327-C07E-4DD2-97DF-0816BEE86A3D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2012-03-18] (Siber Systems)
Task: {1B1838EB-3472-4BAB-83C3-1BD558A22AB2} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-09-30] (Microsoft Corporation)
Task: {1D5A9E54-0DC1-4563-8344-64A1CAB184B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.)
Task: {99FB3E01-B579-4A9B-9F43-BDF8EBD2FAA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-17] (Google Inc.)
Task: {C6C22079-7456-46B4-B2ED-BE062CCBD93C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F833EB6D-E16A-4857-B995-B650F82CCCFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001Core.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675319862-669255112-2487870991-1001UA.job => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Run RoboForm TaskBar Icon.job => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20521097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21438284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20521097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21438284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 10:38:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 10:29:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 09:44:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (11/12/2013 09:44:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (11/12/2013 08:14:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:56:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:46:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:43:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:17:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/12/2013 00:00:05 PM) (Source: DCOM) (User: )
Description: 1084TdmService{285E95B2-ACD5-4405-8D24-2D73E65DD047}

Error: (11/12/2013 10:37:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/12/2013 10:37:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/12/2013 10:37:14 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/12/2013 10:37:08 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/12/2013 10:36:58 AM) (Source: DCOM) (User: )
Description: 1084TdmService{285E95B2-ACD5-4405-8D24-2D73E65DD047}

Error: (11/12/2013 10:36:48 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
tmtdi
Wanarpv6

Error: (11/12/2013 10:36:47 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (11/12/2013 10:36:46 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/12/2013 10:35:12 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/12/2013 10:38:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 10:29:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 09:44:43 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (11/12/2013 09:44:43 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (11/12/2013 08:14:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:56:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 07:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:46:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:43:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:17:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-12 09:50:49.644
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-12 09:50:49.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-12 09:50:49.535
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-12 09:50:49.488
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-28 14:20:52.051
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-28 14:20:52.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-28 14:20:52.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-28 14:20:51.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-03 16:39:40.679
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-03 16:39:40.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8072.9 MB
Available physical RAM: 7199.24 MB
Total Pagefile: 16143.98 MB
Available Pagefile: 15277.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:315.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.66 GB) (Free:6.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D2332EA8)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================


You still have Defender enabled:

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Make sure you disable the service also:
How to Disable Defender

`````````````````````````````````````````````````

I'm not seeing much; do this first:

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe, click Fix only once, and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then... if there are still problems, do a clean boot to see if you can pin down which program is causing the problem:

http://support.microsoft.com/kb/929135


Let me know...MrC


Got Defender stopped and went back and ran some others I couldn't before:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by Matt at 2013-11-12 14:21:47 Run:1
Running from C:\Users\Matt\Desktop\dds
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM-x32\...\Runonce: [{67CCDC7F-81CC-45BA-98A0-72FB009A882A}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
HKLM-x32\...\Runonce: [{36B4841C-8700-4FB7-A6B9-B4B7FE320157}] - cmd.exe /C start /D "C:\Users\Matt\AppData\Local\Temp" /B {36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe -accepteula -accepteulaksn -activeimages -postboot [x]
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
C:\Users\Matt\AppData\Local\Temp\{36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe
C:\Users\Matt\AppData\Local\Temp\{67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{67CCDC7F-81CC-45BA-98A0-72FB009A882A} => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{36B4841C-8700-4FB7-A6B9-B4B7FE320157} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"C:\Users\Matt\AppData\Local\Temp\{36B4841C-8700-4FB7-A6B9-B4B7FE320157}.exe" => File/Directory not found.
"C:\Users\Matt\AppData\Local\Temp\{67CCDC7F-81CC-45BA-98A0-72FB009A882A}.exe" => File/Directory not found.

==== End of Fixlog ====

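The fixlist above removes two RunOnce entries that launched {GUID}.exe files out of the user's Temp folder, plus a Browser Helper Object whose CLSID had no file behind it. The PowerShell script below is an added, report-only audit of those same autostart locations; it is not part of this thread and is not FRST's code. It assumes an elevated PowerShell 3 or later session on the machine being examined, and it flags three conditions: an autorun whose command line references a Temp directory, an autorun whose binary cannot be located, and a BHO with no CLSID registration or a missing DLL (the conditions the fix log reports as "File/Directory not found" and "No File"). Nothing is deleted.

```powershell
# Added example (not from the thread or from FRST): report-only audit of the
# Run/RunOnce and Browser Helper Object locations the fixlist above cleaned.
# Assumes an elevated PowerShell session; nothing is modified.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Heuristic: an autorun whose command line points into a Temp folder is suspect
# (the two {GUID}.exe entries in the fixlist lived in AppData\Local\Temp).
$tempPattern = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%TEMP%|%TMP%'

function Get-AutorunFindings {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $reasons = @()
            if ($cmd -match $tempPattern) { $reasons += 'runs from Temp' }
            # Prefer a quoted .exe/.dll path; otherwise take the first token.
            $exe = if ($cmd -match '"([^"]+\.(exe|dll))"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            # A bare name such as cmd.exe resolves through PATH, so try that before flagging it.
            $exists = $exe -and ((Test-Path -LiteralPath $exe) -or
                      (Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue))
            if ($exe -and -not $exists) { $reasons += 'target file missing' }
            if ($reasons) {
                [pscustomobject]@{ Location = $key; Name = $name; Command = $cmd; Reason = ($reasons -join ', ') }
            }
        }
    }
}

function Get-BhoFindings {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        # 32-bit BHOs register their COM server under HKCR\Wow6432Node\CLSID, as in the fix log.
        $clsidRoot = if ($key -like '*Wow6432Node*') { 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
                     else { 'Registry::HKEY_CLASSES_ROOT\CLSID' }
        foreach ($clsidKey in Get-ChildItem $key) {
            $clsid  = $clsidKey.PSChildName
            $server = "$clsidRoot\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $server) { $dll = (Get-ItemProperty $server).'(default)' }
            if (-not $dll) { $reason = 'no CLSID registration (shown as "No File" by FRST)' }
            elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) { $reason = 'DLL missing' }
            else { continue }
            [pscustomobject]@{ Location = $key; Name = $clsid; Command = $dll; Reason = $reason }
        }
    }
}

@(Get-AutorunFindings) + @(Get-BhoFindings) | Format-Table -AutoSize
```

The script only reports; acting on a finding is what the FRST fixlist is for, and a legitimate installer's RunOnce entry can also point into Temp, so each hit still needs a look at the command line before anything is removed.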

Kinda crazy - I will go in and disable half the services, it starts up well enough and works fine in desktop for a min, then I'll start adding them one by one - doesn't happen again, I've tried all diff combos - then it will randomly happen - it locks up and I get BSOD - so I can't tell if it's a service - I'm gonna try and reinstall Malwarebytes and run a full scan again, since it found so many but always locked up - I had to delete it


Lol - I've cleaned plenty of these things, have not seen anything like this before - ran SAS, found one more virus - it got rid of it but did not provide any logs or anything, I did a full scan. Machine still acts very weird - with all the services running def get BSOD and it does not really run, desktop opens, that's it - with them all off it behaves a little better, can move around more and get some stuff going, but usually it locks up eventually as well. So I am not sure it is one of the services - Thank you for your time so much - I am sending you a donation now! If you have any other ideas let me know, if not I guess I need to wipe it or something


SAFE MODE is fine - I have been trying to uninstall Trend Micro security client - this is a business machine, I still think that has something to do with it for several reasons - cannot uninstall this thing though - deleted registry keys, all of them, even used the custom uninstall tool from TM. It just won't come off

This topic is now closed to further replies.