
Possible Infection - DDS.txt & ATTACH.txt Results



  1. Computer is less than 60 days old.
  2. The results of the dds tool appear below. A couple of notes that may help:
  3. Drive H is an old, external 500GB WD hard drive to which I can no longer write; I can copy files from it, but I can no longer back up to it.
  4. Although Skype is installed on my machine, it was not running at the time I ran the dds tool.
  5. Thanks for your assistance.
 
 
ATTACH.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2010 10:51:17
System Uptime: 12/7/2013 05:56:34 (4 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Z87-PLUS
Processor: Intel® Core i7-4770K CPU @ 3.50GHz | SOCKET 1150 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 209 GiB total, 143.5 GiB free.
E: is Removable
F: is Removable
G: is FIXED (NTFS) - 932 GiB total, 777.415 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 70.955 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® Ethernet Connection I217-V
Device ID: PCI\VEN_8086&DEV_153B&SUBSYS_859F1043&REV_04\3&11583659&0&C8
Manufacturer: Intel
Name: Intel® Ethernet Connection I217-V
PNP Device ID: PCI\VEN_8086&DEV_153B&SUBSYS_859F1043&REV_04\3&11583659&0&C8
Service: e1dexpress
.
==== System Restore Points ===================
.
RP62: 11/22/2013 08:55:49 - Windows Update
RP63: 11/26/2013 08:05:53 - Windows Update
RP64: 11/26/2013 18:38:54 - Removed ScorpionSaver
RP65: 11/26/2013 18:41:00 - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
RP66: 11/27/2013 08:45:10 - Windows Update
RP67: 11/27/2013 22:38:47 - Removed ScorpionSaver Services
RP68: 11/27/2013 22:39:18 - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP69: 11/28/2013 08:49:20 - Windows Update
RP70: 11/29/2013 18:09:34 - Installed PowerDirector
RP71: 11/29/2013 18:17:04 - Installed PowerDirector
RP72: 12/3/2013 14:32:03 - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS PMP Lite
ASUS Xonar DX Audio Driver
Bitdefender Antivirus Plus
Bonjour
CameraHelperMsi
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon Utilities Digital Photo Professional
Canon Utilities EOS Utility
Canon Utilities Picture Style Editor
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CyberLink PowerDirector 12
CyberLink WaveEditor 2
D3DX10
DMUninstaller
erLT
FAHClient
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
HD Writer AE 4.0
iCloud
Intel® Network Connections 18.7.28.0
iTunes
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.16
NVIDIA Update 9.3.16
NVIDIA Virtual Audio 1.2.9
Online Plug-in
OpenAL
OpenOffice.org 3.1
PCIe Soft Data Fax SoftRing Modem with SmartCP
Photo Common
Photo Gallery
QuickTime
Realtek High Definition Audio Driver
Samsung Magician
ScorpionSaver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Self-service Plug-in
SHIELD Streaming
Skype Click to Call
Skype™ 6.10
SmartSound Quicktracks 5
Tom Clancy's Splinter Cell® Blacklist™
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
VC_CRT_x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
12/7/2013 05:56:57, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
12/6/2013 07:53:57, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OneTouch4.
12/6/2013 07:50:38, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
12/6/2013 06:59:34, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
12/5/2013 19:22:46, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avc3 cdrom
12/5/2013 19:22:46, Error: Service Control Manager [7000]  - The Bitdefender Desktop Update Service service failed to start due to the following error:  The system cannot find the file specified.
12/5/2013 19:18:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004a (0x0000000077a4132a, 0x0000000000000002, 0x0000000000000000, 0xfffff880062f7b60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120513-7488-01.
12/3/2013 19:11:56, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk4\DR4.
.
==== End Of File ===========================
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Valued Customer at 9:06:28 on 2013-12-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16323.13131 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system\CMGxMon.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
G:\Malwarebytes' Anti-Malware\mbamscheduler.exe
G:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
G:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\VALUED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\VALUED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{22B78663-DEFC-4B56-B974-6AC5E12D3859} : DHCPNameServer = 137.107.3.150 137.107.2.1
TCP: Interfaces\{25DC47D6-58D6-4418-AAA6-9AB3A97BD204} : DHCPNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{80C306FB-F5BD-411D-AF84-8ED9C0655D09} : DHCPNameServer = 137.107.3.150 137.107.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\system\CmGxMon.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-12-5 727592]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-12-5 150256]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-22 20464]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-2 55952]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-12-5 103504]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2013-11-4 936728]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-7-30 204552]
R2 MBAMScheduler;MBAMScheduler;G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-16 418376]
R2 MBAMService;MBAMService;G:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-16 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15122208]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-12-5 67320]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-11-1 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-12-5 601360]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-10-22 2725376]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-22 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-22 786416]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-16 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-1 39200]
RUnknown Level Quality Watcher;Level Quality Watcher; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-12-5 82824]
S3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2009-6-30 288256]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-9-30 494864]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-10-9 171632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-16 111616]
S3 PMUSB2G;PassMark USB2.0 Loopback plug driver;C:\Windows\System32\drivers\PMUSB.sys [2010-4-1 26624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-17 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-9 805088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-12-06 10:38:17 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84D89270-E399-4A02-8498-41DCD87AA2DE}\mpengine.dll
2013-12-06 01:21:02 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-12-06 00:51:26 417299 ----a-w- C:\ProgramData\1386291008.bdinstall.bin
2013-12-06 00:50:43 82824 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-12-06 00:50:42 727592 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-12-06 00:50:42 601360 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-12-06 00:50:40 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Bitdefender
2013-12-06 00:50:39 3271472 ---ha-w- C:\bdr-bz02
2013-12-06 00:50:16 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-12-06 00:50:16 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-12-06 00:50:16 -------- d-----w- C:\ProgramData\Bitdefender
2013-12-06 00:49:36 241835 ----a-w- C:\ProgramData\1386290890.bdinstall.bin
2013-12-06 00:24:13 427088 ----a-w- C:\ProgramData\1386289399.bdinstall.bin
2013-12-06 00:22:18 62254 ----a-w- C:\ProgramData\1386289332.bdinstall.bin
2013-12-06 00:20:30 289079 ----a-w- C:\ProgramData\1386289201.bdinstall.bin
2013-12-06 00:20:29 -------- d-----w- C:\Program Files\Bitdefender
2013-12-06 00:17:07 3271472 ---ha-w- C:\bdr-bz01
2013-12-06 00:17:06 2247 ----a-w- C:\ProgramData\1386288990.5816.bin
2013-12-06 00:16:50 1451 ----a-w- C:\ProgramData\1386288990.2288.bin
2013-12-06 00:16:40 6706 ----a-w- C:\ProgramData\1386288990.2564.bin
2013-12-06 00:16:40 2726 ----a-w- C:\ProgramData\1386288990.5992.bin
2013-12-06 00:16:40 181021 ----a-w- C:\ProgramData\1386288990.2572.bin
2013-12-06 00:16:40 18047 ----a-w- C:\ProgramData\1386288990.5824.bin
2013-12-06 00:16:40 17891 ----a-w- C:\ProgramData\1386288990.5836.bin
2013-12-06 00:16:40 1090 ----a-w- C:\ProgramData\1386288990.5236.bin
2013-12-06 00:16:40 1090 ----a-w- C:\ProgramData\1386288990.3856.bin
2013-12-06 00:16:34 32994 ----a-w- C:\ProgramData\1386288990.6116.bin
2013-12-06 00:16:34 31186 ----a-w- C:\ProgramData\1386288990.2500.bin
2013-12-06 00:16:30 115738 ----a-w- C:\ProgramData\1386288990.4316.bin
2013-12-06 00:15:17 237451 ----a-w- C:\ProgramData\1386288829.bdinstall.bin
2013-12-06 00:13:40 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2013-12-06 00:13:33 5710344 ----a-w- C:\Users\Valued Customer\bitdefender_antivirus_2014.exe
2013-11-29 23:15:17 1029080 ----a-w- C:\Users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
2013-11-29 23:12:14 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2013-11-29 23:12:14 -------- d-----w- C:\ProgramData\eSellerate
2013-11-29 23:12:14 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2013-11-29 23:09:51 -------- d-----w- C:\ProgramData\install_clap
2013-11-28 13:28:05 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Diagnostics
2013-11-28 03:32:15 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-26 22:45:41 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-11-26 22:45:35 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Systweak
2013-11-26 22:45:34 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-11-26 22:44:59 -------- d-----w- C:\temp
2013-11-26 22:44:58 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-21 10:48:04 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2013-11-20 13:45:09 84848 ----a-w- C:\Windows\System32\bdsandboxuiskin.dll
2013-11-20 13:45:08 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2013-11-20 13:45:01 34384 ----a-w- C:\Windows\System32\bdsandboxuh.dll
2013-11-16 15:21:03 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Malwarebytes
2013-11-16 15:20:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-16 15:20:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-16 14:33:51 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\ICAClient
2013-11-16 14:33:50 -------- d-----w- C:\ProgramData\Citrix
2013-11-16 14:33:45 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Citrix
2013-11-16 14:33:45 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2013-11-16 14:33:44 -------- d-----w- C:\Program Files (x86)\Citrix
2013-11-16 13:58:13 -------- d-----r- C:\Program Files (x86)\Skype
2013-11-16 12:17:04 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2013-11-13 13:19:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-12 01:15:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-12 01:15:44 -------- d-----w- C:\Program Files\iTunes
2013-11-12 01:15:44 -------- d-----w- C:\Program Files\iPod
2013-11-12 01:15:44 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-09 13:41:25 -------- d-----w- C:\Windows\en
2013-11-09 13:41:14 -------- d-----w- C:\Windows\PCHEALTH
2013-11-09 13:40:43 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\490cceb71cedd5103\DSETUP.dll
2013-11-09 13:40:43 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\490cceb71cedd5103\DXSETUP.exe
2013-11-09 13:40:43 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\490cceb71cedd5103\dsetup32.dll
2013-11-09 13:40:42 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\489fb36e1cedd5102\DSETUP.dll
2013-11-09 13:40:42 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\489fb36e1cedd5102\DXSETUP.exe
2013-11-09 13:40:42 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\489fb36e1cedd5102\dsetup32.dll
2013-11-09 13:40:41 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\486e42751cedd5101\DSETUP.dll
2013-11-09 13:40:41 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\486e42751cedd5101\DXSETUP.exe
2013-11-09 13:40:41 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\486e42751cedd5101\dsetup32.dll
2013-11-09 13:40:40 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Windows Live
2013-11-09 13:40:17 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-11-09 13:33:19 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Canon_Inc_IC
2013-11-09 13:16:01 565760 ----a-w- C:\Windows\SysWow64\MSVCP50.DLL
2013-11-09 13:14:03 304128 ----a-w- C:\Windows\IsUninst.exe
2013-11-09 06:32:57 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-09 06:32:34 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-11-09 06:32:26 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-09 06:32:19 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-09 05:08:24 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\ZoomBrowser EX
2013-11-08 00:26:22 -------- d-----w- C:\Users\Valued Customer\AppData\Local\CANON_INC
2013-11-08 00:05:08 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2013-11-08 00:05:08 -------- d-----w- C:\Program Files (x86)\Canon
2013-11-08 00:04:04 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2013-11-07 23:39:08 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
.
==================== Find3M  ====================
.
2013-11-11 10:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-05 01:23:26 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-11-04 15:41:30 11264 ----a-w- C:\wajam_validate.exe
2013-11-02 01:37:35 443632 ----a-w- C:\ProgramData\1383356093.bdinstall.bin
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-22 14:59:21 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-10-22 14:59:21 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-10-22 14:59:21 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-10-22 14:59:21 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-10-18 01:36:09 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:08 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:53 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-24 12:10:34 97768 ----a-w- C:\Windows\System32\drivers\ctxusbm.sys
2013-09-12 08:58:10 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-12 08:58:10 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
.
============= FINISH:  9:06:37.77 ===============
  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


Steps I followed:

  1. downloaded & saved to desktop Combofix
  2. disabled internet connection and Bitdefender Antivirus and Malwarebytes Pro
  3. Ran combofix
  4. Turned back on Bitdefender Antivirus and Malwarebytes Pro
  5. Reconnected to Internet
  6. Bleeping Computer page indicated that a system restore point would be created; this did not occur following the running of Combofix
  7. Pasted combo log below:
ComboFix 13-12-13.01 - Valued Customer 12/15/2013  15:29:34.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16323.14166 [GMT -5:00]
Running from: c:\users\Valued Customer\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1383356093.bdinstall.bin
c:\programdata\1386288829.bdinstall.bin
c:\programdata\1386288990.2288.bin
c:\programdata\1386288990.2500.bin
c:\programdata\1386288990.2564.bin
c:\programdata\1386288990.2572.bin
c:\programdata\1386288990.3856.bin
c:\programdata\1386288990.4316.bin
c:\programdata\1386288990.5236.bin
c:\programdata\1386288990.5816.bin
c:\programdata\1386288990.5824.bin
c:\programdata\1386288990.5836.bin
c:\programdata\1386288990.5992.bin
c:\programdata\1386288990.6116.bin
c:\programdata\1386289201.bdinstall.bin
c:\programdata\1386289332.bdinstall.bin
c:\programdata\1386289399.bdinstall.bin
c:\programdata\1386290890.bdinstall.bin
c:\programdata\1386291008.bdinstall.bin
c:\users\Valued Customer\bitdefender_antivirus_2014.exe
c:\users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
c:\windows\SysWow64\tmp7FCA.tmp
c:\windows\SysWow64\tmp7FDA.tmp
H:\autorun.inf
H:\explorer.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-15 to 2013-12-15  )))))))))))))))))))))))))))))))
.
.
2013-12-15 20:32 . 2013-12-15 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 19:58 . 2013-12-15 19:58 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-15 19:50 . 2013-12-15 19:50 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-13 11:32 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10130230-54B7-49FA-9023-69CEF0857D00}\mpengine.dll
2013-12-11 13:28 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-09 23:38 . 2013-12-09 23:38 -------- d-----w- c:\windows\Migration
2013-12-06 01:21 . 2013-12-06 01:21 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-12-06 00:50 . 2013-11-04 20:47 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-12-06 00:50 . 2013-07-19 22:08 601360 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-12-06 00:50 . 2013-07-19 22:04 727592 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-12-06 00:50 . 2013-12-06 00:50 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Bitdefender
2013-12-06 00:50 . 2013-08-13 17:38 3271472 ---ha-w- C:\bdr-bz02
2013-12-06 00:50 . 2013-12-06 01:21 -------- d-----w- c:\programdata\Bitdefender
2013-12-06 00:50 . 2013-08-23 17:48 150256 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-12-06 00:50 . 2013-08-07 17:46 389240 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-06 00:20 . 2013-12-06 00:50 -------- d-----w- c:\program files\Bitdefender
2013-12-06 00:17 . 2013-08-13 17:38 3271472 ---ha-w- C:\bdr-bz01
2013-12-06 00:13 . 2013-12-06 00:13 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2013-11-29 23:20 . 2013-11-29 23:36 -------- d-----w- c:\users\Public\CyberLink
2013-11-29 23:19 . 2013-11-30 00:06 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\CyberLink
2013-11-29 23:12 . 2013-11-29 23:12 -------- d-----w- c:\programdata\SmartSound Software Inc
2013-11-29 23:12 . 2013-11-29 23:12 -------- d-----w- c:\programdata\eSellerate
2013-11-29 23:12 . 2013-11-29 23:12 -------- d-----w- c:\program files (x86)\SmartSound Software
2013-11-29 23:11 . 2013-11-29 23:12 -------- d-----w- c:\program files (x86)\CyberLink
2013-11-29 23:09 . 2013-11-29 23:42 -------- d-----w- c:\programdata\CyberLink
2013-11-29 23:09 . 2013-11-29 23:12 -------- d-----w- c:\programdata\install_clap
2013-11-28 13:28 . 2013-12-07 14:23 -------- d-----w- c:\users\Valued Customer\AppData\Local\Diagnostics
2013-11-28 03:32 . 2013-10-16 15:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-26 22:45 . 2013-11-26 23:41 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-11-26 22:45 . 2013-11-26 23:40 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Systweak
2013-11-26 22:45 . 2013-08-22 23:36 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-11-26 22:44 . 2013-12-07 13:53 -------- d-----w- C:\temp
2013-11-26 22:44 . 2013-12-07 17:15 -------- d-----w- c:\program files\Level Quality Watcher
2013-11-21 10:48 . 2013-12-06 01:20 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2013-11-20 13:45 . 2013-11-04 20:47 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-11-20 13:45 . 2013-12-06 01:20 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2013-11-20 13:45 . 2013-11-04 20:46 34384 ----a-w- c:\windows\system32\bdsandboxuh.dll
2013-11-16 15:21 . 2013-11-16 15:21 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Malwarebytes
2013-11-16 15:20 . 2013-11-16 15:20 -------- d-----w- c:\programdata\Malwarebytes
2013-11-16 15:20 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-16 14:56 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-16 14:33 . 2013-11-16 18:55 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\ICAClient
2013-11-16 14:33 . 2013-11-16 14:33 -------- d-----w- c:\programdata\Citrix
2013-11-16 14:33 . 2013-11-16 14:34 -------- d-----w- c:\users\Valued Customer\AppData\Local\Citrix
2013-11-16 14:33 . 2013-11-16 14:33 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2013-11-16 14:33 . 2013-11-16 14:33 -------- d-----w- c:\program files (x86)\Citrix
2013-11-16 13:58 . 2013-11-16 14:13 -------- d-----w- c:\users\Valued Customer\AppData\Roaming\Skype
2013-11-16 13:58 . 2013-11-16 13:58 -------- d-----r- c:\program files (x86)\Skype
2013-11-16 13:58 . 2013-11-16 13:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-11-16 13:58 . 2013-11-16 13:58 -------- d-----w- c:\programdata\Skype
2013-11-16 12:17 . 2007-05-24 02:26 100352 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 00:01 . 2010-12-28 16:15 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 10:50 . 2010-12-28 16:09 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 13:41 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-09 06:32 . 2013-11-09 06:32 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-09 06:32 . 2013-11-09 06:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-11-09 06:32 . 2013-11-09 06:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-09 06:32 . 2013-11-09 06:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-05 01:23 . 2013-11-05 01:23 16896 ----a-w- c:\windows\AsTaskSched.dll
2013-11-04 15:41 . 2013-11-04 15:41 11264 ----a-w- C:\wajam_validate.exe
2013-11-02 16:27 . 2013-11-02 16:27 53248 ----a-r- c:\users\Valued Customer\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-23 10:30 . 2013-11-02 01:50 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-23 10:30 . 2013-11-02 01:50 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-23 10:30 . 2013-11-02 01:50 696096 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-23 10:30 . 2013-11-02 01:50 655136 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-23 10:30 . 2013-11-02 01:50 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-23 10:30 . 2013-11-02 01:50 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-23 10:30 . 2013-11-02 01:50 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-10-23 10:30 . 2013-11-02 01:50 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-10-23 10:30 . 2013-11-02 01:50 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-23 10:30 . 2013-11-02 01:50 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-23 10:30 . 2013-11-02 01:50 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-23 10:30 . 2013-11-02 01:50 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-23 10:30 . 2013-11-02 01:50 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-23 10:30 . 2013-11-02 01:50 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-23 10:30 . 2013-11-02 01:50 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-23 10:30 . 2013-11-02 01:50 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-23 10:30 . 2013-11-02 01:50 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-23 10:30 . 2013-11-02 01:50 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-02 01:50 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-23 10:30 . 2013-11-02 01:50 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-23 10:30 . 2013-11-02 01:50 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-23 10:30 . 2013-11-02 01:50 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-23 10:30 . 2013-11-02 01:50 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-11-02 01:50 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-23 10:30 . 2013-11-02 01:50 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-23 10:30 . 2013-11-02 01:50 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-23 10:30 . 2013-11-02 01:50 11426568 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-23 10:30 . 2013-11-02 01:50 11374520 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-23 10:30 . 2013-10-28 12:43 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2013-10-22 14:45 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2013-10-22 14:45 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-23 10:30 . 2013-10-22 14:42 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2013-10-22 14:42 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2013-10-22 14:42 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 10:30 . 2013-10-22 14:42 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 08:20 . 2013-10-22 14:45 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-10-22 14:45 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-10-22 14:45 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-10-22 14:45 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-10-22 14:45 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-10-22 14:45 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-22 16:24 . 2013-10-22 16:24 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-22 14:59 . 2013-10-22 14:59 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-10-22 14:59 . 2013-10-22 14:59 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-10-22 14:59 . 2013-10-22 14:59 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-22 14:59 . 2013-10-22 14:59 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-10-18 01:36 . 2013-11-02 01:48 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-18 01:36 . 2013-11-02 01:48 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-16 00:48 . 2013-10-28 12:43 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-28 12:43 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-12 02:30 . 2013-11-13 13:19 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 13:19 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 13:19 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 13:19 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 13:19 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 13:19 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 13:19 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 13:19 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 13:19 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 13:19 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 13:19 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 13:19 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 13:19 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 13:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 13:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 13:19 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 23:01 . 2013-11-02 01:37 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 23:01 . 2013-11-02 01:37 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 23:01 . 2013-10-22 14:42 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-25 02:26 . 2013-11-13 13:19 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 13:19 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 13:19 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 13:19 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 13:19 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 13:19 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 13:19 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 13:19 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 13:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 13:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 13:19 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 13:19 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 13:19 30720 ----a-w- c:\windows\system32\lsass.exe
2013-09-24 12:10 . 2013-09-24 12:10 97768 ----a-w- c:\windows\system32\drivers\ctxusbm.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-11-18 560648]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-11-18 1000488]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-11-18 612696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-02 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-02 153992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2013-11-18 560648]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2013-11-18 1000488]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2013-11-18 612696]
.
c:\users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-13 4580256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2013-11-2 292736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 CAXHWBS3;CAXHWBS3;c:\windows\system32\DRIVERS\CAXHWBS3.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS3.sys [x]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 PMUSB2G;PassMark USB2.0 Loopback plug driver;c:\windows\system32\Drivers\PMUSB.sys;c:\windows\SYSNATIVE\Drivers\PMUSB.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;g:\malwarebytes' anti-malware\mbamscheduler.exe;g:\malwarebytes' anti-malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe;g:\malwarebytes' anti-malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 02:17 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 02:00]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 02:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.cpl" [2008-01-10 6475776]
"Cmaudio8788GX"="c:\windows\system\CmGxMon.exe" [2007-12-19 20480]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-11-21 1734848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-15  15:33:20
ComboFix-quarantined-files.txt  2013-12-15 20:33
.
Pre-Run: 156,373,012,480 bytes free
Post-Run: 156,565,372,928 bytes free
.
- - End Of File - - 74068D4C6C61EEDC363216A390E8F746
A36C5E4F47E84449FF07ED3517B43A31
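As an added example (not ComboFix's own code and not part of this thread): a small Python triage helper that parses the three autostart sections ComboFix printed above (the S2/S3 service lines, the HKLM Run values and the Scheduled Tasks entries) and flags, for manual review, any image that sits outside the usual system and Program Files directories or that is a DLL/CPL module loaded through a host process. The sample lines are copied from the post; the two review rules and the directory list are this example's own assumptions, and a flag means "look at this", not "malicious". On this log it highlights the Malwarebytes service installed on drive G: and the audio helper entries that live outside System32, which a reviewer would then confirm by hand.

```python
"""Triage the autostart sections of a ComboFix log: service lines, HKLM Run
values and Scheduled Tasks entries. Added example, not ComboFix code. The
line formats come from the log above; the review rules are this example's
own heuristics, and a flag means "look at this", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# S2 name;display name;image path;image path [x]
SERVICE_RE = re.compile(r"^([SR]\d)\s+(.+)$")
# "Name"="c:\path\file.exe" [2013-10-18 1028384]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
# 2013-12-15 c:\windows\Tasks\Name.job   then   - c:\path\file.exe [2013-11-02 02:00]
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)$", re.IGNORECASE)
TASK_IMAGE_RE = re.compile(r"^-\s+(.+?)\s*\[([^\]]*)\]$")

# Assumed: where a legitimately installed autostart image normally lives.
STANDARD_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                  "c:\\program files\\", "c:\\program files (x86)\\")
# Assumed: module types that only run inside a host process (rundll32 and friends).
HOSTED_EXTENSIONS = (".dll", ".cpl")


@dataclass(frozen=True)
class AutostartEntry:
    kind: str     # "service", "run" or "task"
    name: str
    image: str    # path exactly as ComboFix printed it
    detail: str   # start type, file date and size, or the task's last-run stamp


def parse_combofix(lines: Iterable[str]) -> List[AutostartEntry]:
    entries: List[AutostartEntry] = []
    pending_job: Optional[str] = None      # task name waiting for its "- image" line
    for raw in lines:
        line = raw.strip()
        if pending_job is not None:
            job, pending_job = pending_job, None
            m = TASK_IMAGE_RE.match(line)
            if m:
                entries.append(AutostartEntry("task", job, m.group(1), m.group(2)))
                continue
        m = SERVICE_RE.match(line)
        if m and line.count(";") >= 3:
            name, _display, image, _rest = m.group(2).split(";", 3)
            entries.append(AutostartEntry("service", name, image, m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(AutostartEntry("run", m.group(1), m.group(2), m.group(3)))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group(2).rsplit("\\", 1)[-1]
    return entries


def review(entries: Iterable[AutostartEntry]) -> List[Tuple[AutostartEntry, str]]:
    """Pair each entry that deserves a human look with the reason."""
    findings = []
    for e in entries:
        image = e.image.lower()
        if not image.startswith(STANDARD_ROOTS):
            findings.append((e, "image outside the standard system/program directories"))
        if image.endswith(HOSTED_EXTENSIONS):
            findings.append((e, "image is a %s module, loaded through a host process"
                             % image.rsplit(".", 1)[-1]))
    return findings


# Constructed sample: a subset of the lines from the ComboFix log above.
SAMPLE_LOG = r"""
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe;g:\malwarebytes' anti-malware\mbamservice.exe [x]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02 02:00]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.cpl" [2008-01-10 6475776]
"Cmaudio8788GX"="c:\windows\system\CmGxMon.exe" [2007-12-19 20480]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2013-11-21 1734848]
"""


if __name__ == "__main__":
    entries = parse_combofix(SAMPLE_LOG.splitlines())
    print("%d autostart entries parsed" % len(entries))
    for entry, reason in review(entries):
        print("REVIEW %-8s %-16s %s  (%s)" % (entry.kind, entry.name, entry.image, reason))
```

Feed it the whole ComboFix log and it will print only the entries worth a second look; everything else parses quietly. The rules are deliberately loose (a path list and two extensions) so that nothing legitimate is hidden from the reviewer; tighten them only after seeing what your own machine population looks like.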

  • Root Admin

That looks pretty good.  Combofix was able to find and remove items for us.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

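Added example, not code from Malwarebytes Anti-Rootkit or from this thread, showing what the "Scanning MBR on drive N" part of the Step 03 scan is doing. It parses a raw 512-byte MBR (boot signature, NT disk signature, the four partition entries), applies the sanity checks a scanner uses to spot a tampered table, and computes the sector ranges no partition claims, which get read raw because a bootkit hides its loader there. The sample sector is constructed from the drive 0 values in the system-log posted later in the thread; the offsets are the standard MBR layout, while the check rules and the gap computation are the example's own (MBAR picks its scan ranges differently, so its "unpartitioned space" numbers will not match exactly).

```python
"""Inspect a raw MBR sector the way an anti-rootkit "Scanning MBR" step does.
Added example, not Malwarebytes Anti-Rootkit code. Offsets follow the standard
MBR layout; the sanity rules and the gap computation are this example's own.
"""
import struct
from dataclasses import dataclass
from itertools import combinations
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440     # 4-byte NT disk signature, little-endian
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIG_OFFSET = 510     # bytes 0x55 0xAA close the sector


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def empty(self) -> bool:
        return self.type_id == 0x00

    @property
    def lba_end(self) -> int:          # last sector, inclusive
        return self.lba_start + self.num_sectors - 1


@dataclass(frozen=True)
class Mbr:
    boot_signature: str                # hex of bytes 510..511, "55AA" when valid
    disk_signature: str                # NT disk signature as Windows prints it
    partitions: Tuple[PartitionEntry, ...]


def parse_mbr(sector: bytes) -> Mbr:
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (SECTOR_SIZE, len(sector)))
    boot_sig = sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2].hex().upper()
    disk_sig = "%08X" % struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        # boot flag, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, count
        flag, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        parts.append(PartitionEntry(i, flag, type_id, lba, count))
    return Mbr(boot_sig, disk_sig, tuple(parts))


def check_partition_table(mbr: Mbr, disk_sectors: int) -> List[str]:
    """Findings a scanner would raise on this table; an empty list means it looks sane."""
    findings = []
    if mbr.boot_signature != "55AA":
        findings.append("boot signature is %s, expected 55AA" % mbr.boot_signature)
    used = [p for p in mbr.partitions if not p.empty]
    if sum(p.active for p in used) > 1:
        findings.append("more than one partition is marked active")
    for p in used:
        if p.boot_flag not in (0x00, 0x80):
            findings.append("partition %d has non-standard boot flag 0x%02X" % (p.index, p.boot_flag))
        if p.num_sectors == 0 or p.lba_end >= disk_sectors:
            findings.append("partition %d (LBA %d, %d sectors) runs past the end of the disk"
                            % (p.index, p.lba_start, p.num_sectors))
    for a, b in combinations(used, 2):
        if a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
            findings.append("partitions %d and %d overlap" % (a.index, b.index))
    return findings


def unpartitioned_ranges(mbr: Mbr, disk_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive sector ranges owned by no partition, skipping sector 0 (the MBR itself)."""
    used = sorted((p for p in mbr.partitions if not p.empty), key=lambda p: p.lba_start)
    ranges, cursor = [], 1
    for p in used:
        if p.lba_start > cursor:
            ranges.append((cursor, p.lba_start - 1))
        cursor = max(cursor, p.lba_end + 1)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors - 1))
    return ranges


# Constructed sample: drive 0 from the MBAR log (250059350016 bytes = 488397168 sectors).
SAMPLE_DISK_SECTORS = 250059350016 // SECTOR_SIZE


def build_sample_mbr() -> bytes:
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xB4553281)
    for i, entry in enumerate([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 439349248)]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i, *entry)
    sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)


def build_tampered_mbr() -> bytes:
    """Same sector with a hidden fourth entry that points past the end of the disk."""
    sector = bytearray(build_sample_mbr())
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * 3,
                     0x00, 0x07, SAMPLE_DISK_SECTORS - 100, 1000)
    return bytes(sector)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("MBR Signature: %s  Disk Signature: %s" % (mbr.boot_signature, mbr.disk_signature))
    for p in mbr.partitions:
        print("  Partition %d type 0x%02X %s LBA %d Numsec %d"
              % (p.index, p.type_id, "ACTIVE" if p.active else "NOT ACTIVE", p.lba_start, p.num_sectors))
    print("Unpartitioned:", unpartitioned_ranges(mbr, SAMPLE_DISK_SECTORS))
    print("Findings:", check_partition_table(mbr, SAMPLE_DISK_SECTORS) or "none")
    print("Tampered:", check_partition_table(parse_mbr(build_tampered_mbr()), SAMPLE_DISK_SECTORS))
```

On a live system the same parser works on the first 512 bytes read from \\.\PhysicalDrive0 with administrator rights; the checks are deliberately structural (signature, overlap, bounds, active count), since a bootkit that rewrites the boot code in sectors 0 to 2047 leaves the table itself intact and only a raw read of the unpartitioned ranges, compared against a known-good copy, will show it.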

Step 03 - Malwarebytes Anti-Rootkit

Followed directions

Infected file found - wajam_validate.exe - couldn't be remediated due to no backup.  I moved the file to the Recycle Bin; ran Anti-Rootkit again and it found the file in the Recycle Bin; I deleted it from the Recycle Bin; ran the tool again; no threats found.  Reports are below:

 

Mbar-log.txt

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2013.12.22.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Valued Customer :: AVA-407420-1 [administrator]
 
12/22/2013 15:27:08
mbar-log-2013-12-22 (15-27-08).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235929
Time elapsed: 3 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 17115754496, free: 15142817792
 
Downloaded database version: v2013.12.22.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/22/2013 15:13:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800e6ae790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa800e539b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800e34c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa800e3534a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800e34b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa800e2f7060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ce9f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800cad1060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ce7f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800cac24e0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce7f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac24e0, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4553281
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 439349248
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce9fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cad1060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C1D946E8
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e2f7060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e3534a0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e535930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e539b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69AA3A04
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition file system is NTFS
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected file C:\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_4_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 17115754496, free: 14751973376
 
=======================================
Initializing...
------------ Kernel report ------------
     12/22/2013 15:23:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800e6ae790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa800e539b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800e34c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa800e3534a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800e34b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa800e2f7060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ce9f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800cad1060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ce7f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800cac24e0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce7f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac24e0, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4553281
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 439349248
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce9fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cad1060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C1D946E8
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e2f7060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e3534a0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e535930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e539b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69AA3A04
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition file system is NTFS
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected file C:\$RECYCLE.BIN\S-1-5-21-1360142460-1499946298-1873140786-1000\$RHEEJ9S.exe could not be remediated because backup file is not available
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_4_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\$RHEEJ9S.exe_k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\$RHEEJ9S.exe_u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\$RHEEJ9S.exe_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 17115754496, free: 14669488128
 
=======================================
Initializing...
------------ Kernel report ------------
     12/22/2013 15:27:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\cmudaxp.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\gdi32.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800e6ae790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xfffffa800e539b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800e34c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xfffffa800e3534a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800e34b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa800e2f7060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ce9f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800cad1060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ce7f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800cac24e0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce7f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce7f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cac24e0, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4553281
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 439349248
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ce9fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ce9f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cad1060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C1D946E8
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e2f7060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e34cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e34c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e3534a0, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e535930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e6ae790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e539b60, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69AA3A04
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002
    Partition file system is NTFS
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_4_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_4_r.mbam...
Removal finished
 
Step 04 - Junkware Removal Tool
 
JRT.txt Report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Valued Customer on Sun 12/22/2013 at 15:33:35.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3314198
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A9A2BC1-2328-4651-8DF5-F5ADCF4DB521}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{64E0220A-7E9A-4D9C-975A-746A0F62A4E3}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Valued Customer\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Valued Customer\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Valued Customer\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Valued Customer\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Valued Customer\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\Valued Customer\appdata\local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at 15:36:51.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Step 05 - AdwCleaner
Followed steps with one exception: ran full scan of C & G drives as my C drive is an SSD with nothing more than the OS on it; most of my files reside on my G drive (1TB HD).
 
AdwCleaner[s0].txt
# AdwCleaner v3.015 - Report created 22/12/2013 at 15:45:41
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Valued Customer - AVA-407420-1
# Running from : G:\Malwarebytes' Anti-Malware\AdwCleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Valued Customer\AppData\Local\WordLayers
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4486 octets] - [22/12/2013 15:42:54]
AdwCleaner[s0].txt - [4287 octets] - [22/12/2013 15:45:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4347 octets] ##########

Step 06 - ESET

Note: My H drive is an external Maxtor 500GB drive that is corrupt - I can access and copy files from the H drive to my C or G drives, but I can't copy/add files to the H drive. I can also delete files from the H drive.

C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A application
H:\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D application
H:\Maxtor backup\DGS8ZW61\C\Documents and Settings\Jerome\Desktop\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
H:\PDFCreator\message.exe a variant of Win32/InstallCore.A application
H:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application
 

Step 07 - Farbar Recovery Scan Tool

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by Valued Customer (administrator) on AVA-407420-1 on 22-12-2013 17:58:03
Running from G:\Malwarebytes' Anti-Malware\Farbar Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Windows\system\CMGxMon.exe
() C:\Windows\system\HsMgr64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Farbar) G:\Malwarebytes' Anti-Malware\Farbar Recovery Scan Tool\mbamscheduler.exe
 

==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\system\CMGxMon.exe [20480 2007-12-18] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1735872 2013-12-16] (Bitdefender)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [561672 2013-12-16] (Bitdefender)
HKCU\...\Run: [bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001512 2013-12-16] (Bitdefender)
HKCU\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [612696 2013-12-16] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
 

==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC400818480CCCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12
 

Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Splendid) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0
CHR Extension: (YouTube) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Bitdefender Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.23.0_0
CHR Extension: (Google Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Digital Clock) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0
CHR Extension: (60 Minutes) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj\0.60_0
CHR Extension: (Skype Click to Call) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Rain Alarm) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.10_0
CHR Extension: (tinyFilter) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli\0.4_0
CHR Extension: (Google Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx
CHR HKLM-x32\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Users\Valued Customer\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 

==================== Services (Whitelisted) =================
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-11-04] ()
R2 MBAMScheduler; G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; G:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2013-11-15] (Bitdefender)
 

==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 PMUSB2G; C:\Windows\System32\Drivers\PMUSB.sys [26624 2009-03-24] (PassMark Software)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 e1cexpress; system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress; system32\DRIVERS\e1q62x64.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 
2013-12-22 17:57 - 2013-12-22 17:57 - 00000000 ____D C:\FRST
2013-12-22 16:09 - 2013-12-22 16:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-22 15:42 - 2013-12-22 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-22 15:36 - 2013-12-22 15:36 - 00003563 _____ C:\Users\Valued Customer\Desktop\JRT.txt
2013-12-22 15:33 - 2013-12-22 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 15:13 - 2013-12-22 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 15:12 - 2013-12-22 15:26 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-17 10:48 - 2013-12-17 10:48 - 00072554 _____ C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart.htm
2013-12-17 10:48 - 2013-12-17 10:48 - 00000000 ____D C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart_files
2013-12-15 17:28 - 2013-12-15 17:28 - 00000000 ____D C:\ProgramData\Citrix
2013-12-15 17:23 - 2013-12-15 17:23 - 00000093 _____ C:\Users\Valued Customer\AppData\Roaming\ARCompanion.log
2013-12-15 15:33 - 2013-12-15 15:33 - 00026073 _____ C:\ComboFix.txt
2013-12-15 15:28 - 2013-12-15 15:33 - 00000000 ____D C:\Qoobox
2013-12-15 15:28 - 2013-12-15 15:33 - 00000000 ____D C:\ComboFix
2013-12-15 15:28 - 2013-12-15 15:32 - 00000000 ____D C:\Windows\erdnt
2013-12-15 15:28 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-15 15:28 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-15 15:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-15 15:11 - 2013-12-15 15:11 - 05154339 ____R (Swearware) C:\Users\Valued Customer\Desktop\ComboFix.exe
2013-12-13 06:25 - 2013-12-13 06:25 - 00001229 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction.notebook
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction (1).notebook
2013-12-12 05:15 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 05:15 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 05:15 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 05:15 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 05:15 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 05:15 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 05:15 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 05:15 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 05:15 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 05:15 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 05:15 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 05:15 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 05:15 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 05:15 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 05:15 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 05:15 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 05:15 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 05:15 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 05:15 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 05:15 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 05:15 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 05:15 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 05:15 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 05:15 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 05:15 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 05:15 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 05:15 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 05:15 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 05:15 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 05:15 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 05:15 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 05:15 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 05:15 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 05:15 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 05:15 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 08:28 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:28 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:28 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:28 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:28 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:28 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:28 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:28 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:28 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:28 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:28 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:28 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:28 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:28 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:28 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:28 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:28 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 08:28 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:28 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 19:26 - 2013-12-07 19:26 - 00001635 _____ C:\Users\Valued Customer\Documents\Xmas Card Label Data0.odb
2013-12-07 10:47 - 2013-12-07 10:47 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Valued Customer\Desktop\Tcpview.exe
2013-12-07 09:06 - 2013-12-07 09:06 - 00031690 _____ C:\Users\Valued Customer\Desktop\dds.txt
2013-12-07 09:06 - 2013-12-07 09:06 - 00007951 _____ C:\Users\Valued Customer\Desktop\attach.txt
2013-12-07 09:04 - 2013-12-07 09:04 - 00688992 ____R (Swearware) C:\Users\Valued Customer\Desktop\dds.com
2013-12-05 20:21 - 2013-12-05 20:21 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2013-12-05 19:50 - 2013-12-05 20:21 - 00000000 ____D C:\ProgramData\Bitdefender
2013-12-05 19:50 - 2013-12-05 19:50 - 00253404 ____H C:\bdr-ld02
2013-12-05 19:50 - 2013-12-05 19:50 - 00009216 ____H C:\bdr-ld02.mbr
2013-12-05 19:50 - 2013-12-05 19:50 - 00002190 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00002071 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00000684 ____H C:\bdr-cf02
2013-12-05 19:50 - 2013-12-05 19:50 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Bitdefender
2013-12-05 19:50 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2013-12-05 19:50 - 2013-09-24 15:38 - 46879860 ____H C:\bdr-im02.gz
2013-12-05 19:50 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2013-12-05 19:50 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz02
2013-12-05 19:50 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2013-12-05 19:50 - 2013-07-19 17:08 - 00601360 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2013-12-05 19:50 - 2013-07-19 17:04 - 00727592 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2013-12-05 19:20 - 2013-12-05 19:50 - 00000000 ____D C:\Program Files\Bitdefender
2013-12-05 19:18 - 2013-12-05 19:18 - 00296064 _____ C:\Windows\Minidump\120513-7488-01.dmp
2013-12-05 19:17 - 2013-12-05 19:17 - 00253404 ____H C:\bdr-ld01
2013-12-05 19:17 - 2013-12-05 19:17 - 00009216 ____H C:\bdr-ld01.mbr
2013-12-05 19:17 - 2013-12-05 19:17 - 00000684 ____H C:\bdr-cf01
2013-12-05 19:17 - 2013-09-24 15:38 - 46879860 ____H C:\bdr-im01.gz
2013-12-05 19:17 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
2013-11-30 09:51 - 2013-12-06 16:38 - 00197120 ___SH C:\Users\Valued Customer\Thumbs.db
2013-11-29 19:11 - 2013-12-22 15:47 - 00007660 _____ C:\Windows\setupact.log
2013-11-29 19:11 - 2013-11-29 19:11 - 00000000 _____ C:\Windows\setuperr.log
2013-11-29 18:20 - 2013-11-29 18:36 - 00000000 ____D C:\Users\Public\CyberLink
2013-11-29 18:20 - 2013-11-29 18:20 - 00000000 ____D C:\Users\Valued Customer\Documents\CyberLink
2013-11-29 18:19 - 2013-11-29 19:06 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\CyberLink
2013-11-29 18:16 - 2013-11-29 18:16 - 175214360 _____ C:\Users\Valued Customer\Documents\PowerDirector_2230_GM3.5_Patch_Patch_VDE131028-01.exe
2013-11-29 18:12 - 2013-11-29 19:10 - 00001449 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2013-11-29 18:12 - 2013-11-29 18:12 - 00001417 _____ C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\eSellerate
2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\Program Files (x86)\SmartSound Software
2013-11-29 18:11 - 2013-11-29 18:12 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-11-29 18:09 - 2013-11-29 18:42 - 00000000 ____D C:\ProgramData\CyberLink

2013-11-29 18:09 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\install_clap

2013-11-28 08:27 - 2013-11-28 08:27 - 00003012 _____ C:\Windows\System32\Tasks\{157BFB6D-897F-44DF-9E6A-32C29B3DC012}

2013-11-27 22:32 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll

 

==================== One Month Modified Files and Folders =======

 

2013-12-22 17:57 - 2013-12-22 17:57 - 00000000 ____D C:\FRST

2013-12-22 17:16 - 2013-11-01 21:00 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-22 17:04 - 2010-12-28 10:51 - 01587120 _____ C:\Windows\WindowsUpdate.log

2013-12-22 16:09 - 2013-12-22 16:09 - 00000000 ____D C:\Program Files (x86)\ESET

2013-12-22 15:54 - 2009-07-13 23:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-22 15:54 - 2009-07-13 23:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-22 15:53 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-22 15:47 - 2013-11-29 19:11 - 00007660 _____ C:\Windows\setupact.log

2013-12-22 15:47 - 2013-11-01 21:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-22 15:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-22 15:45 - 2013-12-22 15:42 - 00000000 ____D C:\AdwCleaner

2013-12-22 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

2013-12-22 15:36 - 2013-12-22 15:36 - 00003563 _____ C:\Users\Valued Customer\Desktop\JRT.txt

2013-12-22 15:33 - 2013-12-22 15:33 - 00000000 ____D C:\Windows\ERUNT

2013-12-22 15:30 - 2013-12-22 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-22 15:26 - 2013-12-22 15:12 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-12-20 12:37 - 2012-01-06 08:22 - 00295478 _____ C:\Windows\PFRO.log

2013-12-17 10:48 - 2013-12-17 10:48 - 00072554 _____ C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart.htm

2013-12-17 10:48 - 2013-12-17 10:48 - 00000000 ____D C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart_files

2013-12-15 18:23 - 2013-10-09 11:31 - 00000000 ____D C:\Windows\system32\MRT

2013-12-15 18:22 - 2010-12-28 11:15 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-15 18:21 - 2013-11-11 21:13 - 00007599 _____ C:\Users\Valued Customer\AppData\Local\Resmon.ResmonCfg

2013-12-15 17:28 - 2013-12-15 17:28 - 00000000 ____D C:\ProgramData\Citrix

2013-12-15 17:28 - 2013-11-16 09:33 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Citrix

2013-12-15 17:28 - 2013-11-16 09:33 - 00000000 ____D C:\Program Files (x86)\Citrix

2013-12-15 17:23 - 2013-12-15 17:23 - 00000093 _____ C:\Users\Valued Customer\AppData\Roaming\ARCompanion.log

2013-12-15 15:33 - 2013-12-15 15:33 - 00026073 _____ C:\ComboFix.txt

2013-12-15 15:33 - 2013-12-15 15:28 - 00000000 ____D C:\Qoobox

2013-12-15 15:33 - 2013-12-15 15:28 - 00000000 ____D C:\ComboFix

2013-12-15 15:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default

2013-12-15 15:32 - 2013-12-15 15:28 - 00000000 ____D C:\Windows\erdnt

2013-12-15 15:32 - 2010-12-28 10:51 - 00000000 ____D C:\Users\Valued Customer

2013-12-15 15:32 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini

2013-12-15 15:11 - 2013-12-15 15:11 - 05154339 ____R (Swearware) C:\Users\Valued Customer\Desktop\ComboFix.exe

2013-12-13 06:25 - 2013-12-13 06:25 - 00001229 _____ C:\Users\Public\Desktop\Samsung Magician.lnk

2013-12-13 06:25 - 2013-10-22 11:40 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-12-13 06:25 - 2010-12-28 10:51 - 00000000 ___RD C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction.notebook

2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction (1).notebook

2013-12-12 11:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-12-12 05:17 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-12-12 05:17 - 2009-07-13 23:45 - 00295440 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-10 14:42 - 2013-11-09 08:40 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Windows Live

2013-12-09 18:39 - 2013-10-22 09:44 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-12-07 19:26 - 2013-12-07 19:26 - 00001635 _____ C:\Users\Valued Customer\Documents\Xmas Card Label Data0.odb

2013-12-07 10:47 - 2013-12-07 10:47 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Valued Customer\Desktop\Tcpview.exe

2013-12-07 09:06 - 2013-12-07 09:06 - 00031690 _____ C:\Users\Valued Customer\Desktop\dds.txt

2013-12-07 09:06 - 2013-12-07 09:06 - 00007951 _____ C:\Users\Valued Customer\Desktop\attach.txt

2013-12-07 09:04 - 2013-12-07 09:04 - 00688992 ____R (Swearware) C:\Users\Valued Customer\Desktop\dds.com

2013-12-06 16:38 - 2013-11-30 09:51 - 00197120 ___SH C:\Users\Valued Customer\Thumbs.db

2013-12-05 20:21 - 2013-12-05 20:21 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2013-12-05 20:21 - 2013-12-05 19:50 - 00000000 ____D C:\ProgramData\Bitdefender

2013-12-05 20:20 - 2013-11-21 05:48 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll

2013-12-05 20:20 - 2013-11-20 08:45 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2013-12-05 19:50 - 2013-12-05 19:50 - 00253404 ____H C:\bdr-ld02

2013-12-05 19:50 - 2013-12-05 19:50 - 00009216 ____H C:\bdr-ld02.mbr

2013-12-05 19:50 - 2013-12-05 19:50 - 00002190 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk

2013-12-05 19:50 - 2013-12-05 19:50 - 00002071 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk

2013-12-05 19:50 - 2013-12-05 19:50 - 00000684 ____H C:\bdr-cf02

2013-12-05 19:50 - 2013-12-05 19:50 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Bitdefender

2013-12-05 19:50 - 2013-12-05 19:20 - 00000000 ____D C:\Program Files\Bitdefender

2013-12-05 19:50 - 2013-11-01 20:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender

2013-12-05 19:18 - 2013-12-05 19:18 - 00296064 _____ C:\Windows\Minidump\120513-7488-01.dmp

2013-12-05 19:18 - 2013-11-16 07:22 - 608095958 _____ C:\Windows\MEMORY.DMP

2013-12-05 19:18 - 2013-11-16 07:22 - 00000000 ____D C:\Windows\Minidump

2013-12-05 19:17 - 2013-12-05 19:17 - 00253404 ____H C:\bdr-ld01

2013-12-05 19:17 - 2013-12-05 19:17 - 00009216 ____H C:\bdr-ld01.mbr

2013-12-05 19:17 - 2013-12-05 19:17 - 00000684 ____H C:\bdr-cf01

2013-12-02 19:55 - 2013-10-22 09:45 - 00000000 ____D C:\ProgramData\NVIDIA

2013-12-02 19:54 - 2012-01-06 09:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-12-02 19:39 - 2012-01-06 09:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-12-02 19:26 - 2013-11-02 00:12 - 00000385 _____ C:\Users\Valued Customer\AppData\Roaming\user_gensett.xml

2013-11-29 19:11 - 2013-11-29 19:11 - 00000000 _____ C:\Windows\setuperr.log

2013-11-29 19:10 - 2013-11-29 18:12 - 00001449 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk

2013-11-29 19:06 - 2013-11-29 18:19 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\CyberLink

2013-11-29 18:42 - 2013-11-29 18:09 - 00000000 ____D C:\ProgramData\CyberLink

2013-11-29 18:36 - 2013-11-29 18:20 - 00000000 ____D C:\Users\Public\CyberLink

2013-11-29 18:20 - 2013-11-29 18:20 - 00000000 ____D C:\Users\Valued Customer\Documents\CyberLink

2013-11-29 18:17 - 2013-10-22 09:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-11-29 18:16 - 2013-11-29 18:16 - 175214360 _____ C:\Users\Valued Customer\Documents\PowerDirector_2230_GM3.5_Patch_Patch_VDE131028-01.exe

2013-11-29 18:14 - 2013-01-17 10:39 - 00067744 _____ C:\Users\Valued Customer\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-29 18:12 - 2013-11-29 18:12 - 00001417 _____ C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk

2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\SmartSound Software Inc

2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\eSellerate

2013-11-29 18:12 - 2013-11-29 18:12 - 00000000 ____D C:\Program Files (x86)\SmartSound Software

2013-11-29 18:12 - 2013-11-29 18:11 - 00000000 ____D C:\Program Files (x86)\CyberLink

2013-11-29 18:12 - 2013-11-29 18:09 - 00000000 ____D C:\ProgramData\install_clap

2013-11-29 09:37 - 2013-11-16 10:20 - 00000638 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-28 19:11 - 2013-11-01 21:00 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-11-28 19:11 - 2013-11-01 21:00 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-11-28 08:27 - 2013-11-28 08:27 - 00003012 _____ C:\Windows\System32\Tasks\{157BFB6D-897F-44DF-9E6A-32C29B3DC012}

2013-11-26 18:39 - 2013-05-02 08:20 - 00000000 ____D C:\Windows\system32\appmgmt

2013-11-26 06:54 - 2013-12-12 05:15 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-26 05:19 - 2013-12-12 05:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-26 05:18 - 2013-12-12 05:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-26 05:11 - 2013-12-12 05:15 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-26 04:48 - 2013-12-12 05:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-26 04:46 - 2013-12-12 05:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-26 04:41 - 2013-12-12 05:15 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-26 04:29 - 2013-12-12 05:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-26 04:27 - 2013-12-12 05:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-26 04:23 - 2013-12-12 05:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-26 04:21 - 2013-12-12 05:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-26 04:18 - 2013-12-12 05:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-26 04:18 - 2013-12-12 05:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-26 04:16 - 2013-12-12 05:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-26 03:57 - 2013-12-12 05:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-26 03:38 - 2013-12-12 05:15 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-26 03:38 - 2013-12-12 05:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-26 03:35 - 2013-12-12 05:15 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-26 03:32 - 2013-12-12 05:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-26 03:28 - 2013-12-12 05:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-26 03:16 - 2013-12-12 05:15 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-26 03:02 - 2013-12-12 05:15 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-26 02:48 - 2013-12-12 05:15 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-26 02:32 - 2013-12-12 05:15 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-26 02:26 - 2013-12-12 05:15 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-26 02:07 - 2013-12-12 05:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-26 01:40 - 2013-12-12 05:15 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-26 01:34 - 2013-12-12 05:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-26 01:34 - 2013-12-12 05:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-26 01:33 - 2013-12-12 05:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-26 01:27 - 2013-12-12 05:15 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-23 13:26 - 2013-12-11 08:28 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-11-23 12:47 - 2013-12-11 08:28 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

 

Some content of TEMP:

====================

C:\Users\Valued Customer\AppData\Local\Temp\ARCompanionForSession1.exe

C:\Users\Valued Customer\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-20 13:24

 

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2013 01

Ran by Valued Customer at 2013-12-22 17:59:37

Running from G:\Malwarebytes' Anti-Malware\Farbar Recovery Scan Tool

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

 

==================== Installed Programs ======================

 

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

ASUS PMP Lite (x32 Version: 1.00.0000)

ASUS Xonar DX Audio Driver

Bitdefender Antivirus Plus (Version: 17.23.0.996)

Bonjour (Version: 3.0.0.10)

CameraHelperMsi (x32 Version: 13.51.815.0)

CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)

Canon MOV Decoder (x32 Version: 1.9.0.8)

Canon MOV Encoder (x32 Version: 1.8.0.1)

Canon Utilities Digital Photo Professional (x32 Version: 3.13.20.0)

Canon Utilities EOS Utility (x32 Version: 2.13.20.0)

Canon Utilities Picture Style Editor (x32 Version: 1.13.20.0)

Citrix Authentication Manager (x32 Version: 5.1.0.62606)

Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0)

Citrix Receiver (x32 Version: 14.1.0.0)

Citrix Receiver Inside (x32 Version: 4.1.0.56471)

Citrix Receiver Updater (x32 Version: 4.1.0.56461)

Citrix Receiver(Aero) (x32 Version: 14.1.0.0)

Citrix Receiver(DV) (x32 Version: 14.1.0.0)

Citrix Receiver(USB) (x32 Version: 14.1.0.0)

CyberLink PowerDirector 12 (x32 Version: 12.0.2230.0)

CyberLink WaveEditor 2 (x32 Version: 2.0.4203)

D3DX10 (x32 Version: 15.4.2368.0902)

DMUninstaller (x32)

erLT (x32 Version: 1.20.138.34)

ESET Online Scanner v3 (x32)

FAHClient (x32 Version: 7.1.52)

GeForce Experience NvStream Client Components (Version: 1.6.28)

Google Chrome (x32 Version: 31.0.1650.63)

Google Update Helper (x32 Version: 1.3.22.3)

HD Writer AE 4.0 (x32 Version: 4.00.022.1033)

iCloud (Version: 3.0.2.163)

Intel® Network Connections 18.7.28.0 (Version: 18.7.28.0)

iTunes (Version: 11.1.3.8)

Logitech Webcam Software (x32 Version: 2.51)

LWS Facebook (x32 Version: 13.50.854.0)

LWS Gallery (x32 Version: 13.51.827.0)

LWS Help_main (x32 Version: 13.51.828.0)

LWS Launcher (x32 Version: 13.51.828.0)

LWS Motion Detection (x32 Version: 13.51.815.0)

LWS Pictures And Video (x32 Version: 13.51.815.0)

LWS Twitter (x32 Version: 13.30.1346.0)

LWS Webcam Software (x32 Version: 13.51.815.0)

LWS WLM Plugin (x32 Version: 1.30.1201.0)

LWS YouTube Plugin (x32 Version: 13.31.1038.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Movie Maker (x32 Version: 16.4.3508.0205)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65)

NVIDIA Control Panel 331.65 (Version: 331.65)

NVIDIA GeForce Experience 1.7 (Version: 1.7)

NVIDIA Graphics Driver 331.65 (Version: 331.65)

NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)

NVIDIA Install Application (Version: 2.1002.142.992)

NVIDIA LED Visualizer 1.0 (Version: 1.0)

NVIDIA PhysX (x32 Version: 9.13.0725)

NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)

NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)

NVIDIA Update 9.3.16 (Version: 9.3.16)

NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)

Online Plug-in (x32 Version: 14.1.0.0)

OpenAL (x32)

OpenOffice.org 3.1 (x32 Version: 3.1.9399)

PCIe Soft Data Fax SoftRing Modem with SmartCP (Version: 7.80.5.0)

Photo Gallery (x32 Version: 16.4.3508.0205)

QuickTime (x32 Version: 7.74.80.86)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)

Samsung Magician (x32 Version: 4.3.0)

ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION

Self-service Plug-in (x32 Version: 4.1.0.41738)

SHIELD Streaming (Version: 1.6.34)

Skype Click to Call (x32 Version: 6.13.13771)

Skype™ 6.10 (x32 Version: 6.10.104)

SmartSound Quicktracks 5 (x32 Version: 5.1.8)

Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.01)

Uplay (x32 Version: 4.0)

VC_CRT_x64 (Version: 1.02.0000)

Windows Live Communications Platform (x32 Version: 16.4.3508.0205)

Windows Live Essentials (x32 Version: 16.4.3508.0205)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3508.0205)

Windows Live Photo Common (x32 Version: 16.4.3508.0205)

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)

Windows Live SOXE (x32 Version: 16.4.3508.0205)

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)

Windows Live UX Platform (x32 Version: 16.4.3508.0205)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)

 

==================== Restore Points  =========================

 

09-12-2013 23:38:18 Windows Update

12-12-2013 10:15:02 Windows Update

15-12-2013 20:29:07 ComboFix created restore point

15-12-2013 23:22:40 Windows Update

20-12-2013 17:41:53 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2013-12-15 15:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {160E92F3-6F8F-457B-8FC1-CD1D1679943C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6D99D021-ECD3-4BF3-A1FD-BE5D6C37A44C} - System32\Tasks\{157BFB6D-897F-44DF-9E6A-32C29B3DC012} => C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe

Task: {8927AE09-5947-4983-A2A9-2AFF4F791D77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)

Task: {BCC3684F-DA9B-4BC4-9C1D-2A9225C77D74} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {D088F9FE-B373-4513-8F86-7123B2562F6A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)

Task: {E319BDE1-5A66-45AD-9886-E713B5C9382D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-05 19:50 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-11-08 07:36 - 2013-12-22 15:47 - 00029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll

2013-11-04 20:08 - 2013-11-04 20:02 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2013-12-05 19:50 - 2013-06-19 11:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2013-10-22 11:29 - 2011-04-19 13:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DX Audio\Customapp\VmixP8.dll

2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2013-12-13 06:25 - 2013-11-28 12:14 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

2013-12-13 06:25 - 2013-11-28 18:59 - 00098816 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll

2013-12-13 06:25 - 2013-11-28 18:59 - 00034304 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll

2013-12-13 06:25 - 2013-11-28 18:59 - 00032768 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll

2013-12-13 06:25 - 2013-11-28 19:00 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll

2013-12-13 06:25 - 2013-11-28 18:59 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll

2013-12-04 21:18 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-04 21:18 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-04 21:18 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-04 21:18 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-04 21:18 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-04 21:18 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Users\Valued Customer\Desktop\ComboFix.exe:BDU

AlternateDataStreams: C:\Users\Valued Customer\Desktop\dds.com:BDU

AlternateDataStreams: C:\Users\Valued Customer\Desktop\Tcpview.exe:BDU

AlternateDataStreams: C:\Users\Valued Customer\Downloads\iTunes64Setup.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

 

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8003

 

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7005

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:04 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

 

 

System errors:

=============

Error: (12/22/2013 05:17:16 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 05:17:16 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 05:17:16 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:42 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

Error: (12/22/2013 04:53:06 PM) (Source: Ntfs) (User: )

Description: The file system structure on the disk is corrupt and unusable.

Please run the chkdsk utility on the volume OneTouch4.

 

 

Microsoft Office Sessions:

=========================

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

 

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8003

 

Error: (12/22/2013 05:03:07 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7005

 

Error: (12/22/2013 05:03:06 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006

 

Error: (12/22/2013 05:03:05 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/22/2013 05:03:04 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-12-15 15:32:30.434

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-12-15 15:32:30.406

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 19%

Total physical RAM: 16322.86 MB

Available physical RAM: 13198.5 MB

Total Pagefile: 32643.89 MB

Available Pagefile: 28481.51 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:209.5 GB) (Free:146.2 GB) NTFS

Drive g: (Internal Hard Drive ) (Fixed) (Total:931.51 GB) (Free:777.56 GB) NTFS

Drive h: (OneTouch4) (Fixed) (Total:465.76 GB) (Free:74.99 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: B4553281)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=209 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C1D946E8)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

========================================================

Disk: 4 (Size: 466 GB) (Disk ID: 69AA3A04)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

Thank you for your continued assistance with this issue.  Best wishes for an enjoyable Holiday Season.  


  • Root Admin

Let me have you run the following so that we can make sure to remove all entries for ScorpionSaver from your system.

 

Please download the correct version of SystemLook for your computer and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.

    :filefind
    *adpeak*
    *Scorpion*

    :folderfind
    *Scorpion*
    *adpeak*

    :regfind
    Scorpion
    adpeak
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


SystemLook 30.07.11 by jpshortstuff

Log created at 21:30 on 02/01/2014 by Valued Customer

Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"

C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [03:32 28/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

Searching for "*Scorpion*"

No files found.

========== folderfind ==========

Searching for "*Scorpion*"

No folders found.

Searching for "*adpeak*"

No folders found.

========== regfind ==========

Searching for "Scorpion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]

@="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD\InProcServer32]

@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="C:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="C:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"c:\Program Files (x86)\ScorpionSaver\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\background.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]

"DisplayName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]

"DisplayName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="C:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

Searching for "adpeak"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]

"HelpLink"="http://www.adpeak.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]

"Publisher"="Adpeak, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]

"HelpLink"="http://www.adpeak.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]

"Publisher"="Adpeak, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

-= EOF =-


  • Root Admin

Okay, thanks.  Please run the following then and we'll do a little more cleanup.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


FYI: I had run Farbar Recovery earlier in this process as directed but ran it again as directed. As a result, there is no Addition.txt from running it a second time. Below is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Valued Customer (administrator) on AVA-407420-1 on 03-01-2014 08:21:08
Running from G:\Malwarebytes' Anti-Malware\Farbar Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Windows\system\CMGxMon.exe
() C:\Windows\system\HsMgr64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) G:\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.cpl,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\system\CMGxMon.exe [20480 2007-12-18] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1735872 2013-12-16] (Bitdefender)
HKLM\...\Run: [Onboard] - C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [561672 2013-12-16] (Bitdefender)
HKCU\...\Run: [bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001512 2013-12-16] (Bitdefender)
HKCU\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [612696 2013-12-16] (Bitdefender)
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC400818480CCCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12
 
Chrome: 
=======
CHR Extension: (Splendid) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0
CHR Extension: (YouTube) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Bitdefender Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.23.0_0
CHR Extension: (Google Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Digital Clock) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0
CHR Extension: (60 Minutes) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjhdahelgojehmfmkmdfjcpfbglbfmj\0.60_0
CHR Extension: (Skype Click to Call) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Rain Alarm) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.10_0
CHR Extension: (tinyFilter) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli\0.4_0
CHR Extension: (Google Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx
CHR HKLM-x32\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Users\Valued Customer\AppData\Local\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-11-04] ()
R2 MBAMScheduler; G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; G:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2013-11-15] (Bitdefender)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-30] (Conexant Systems, Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 PMUSB2G; C:\Windows\System32\Drivers\PMUSB.sys [26624 2009-03-24] (PassMark Software)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 e1cexpress; system32\DRIVERS\e1c62x64.sys [x]
S3 e1qexpress; system32\DRIVERS\e1q62x64.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-02 07:37 - 2014-01-02 07:38 - 00000000 ____D C:\Program Files (x86)\PowerDirector12
2014-01-02 07:37 - 2014-01-02 07:37 - 00001271 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-01-02 07:28 - 2014-01-02 07:30 - 645215712 _____ C:\Users\Valued Customer\Documents\PowerDirector_2109_GM2.5_Deluxe_VDE130917-03.exe
2014-01-01 20:20 - 2014-01-02 07:24 - 00001330 _____ C:\Users\Valued Customer\Desktop\CyberLink_PowerDirector_Downloader.lnk
2014-01-01 17:24 - 2014-01-01 17:25 - 217169424 _____ C:\Users\Valued Customer\Documents\PowerDirector_2420_GM4_Patch_Patch_VDE131113-01.exe
2014-01-01 17:22 - 2014-01-01 17:22 - 01029080 _____ (CyberLink) C:\Users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
2013-12-29 18:19 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Valued Customer\Documents\Family Tree Maker
2013-12-29 18:18 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\The_Generations_Network
2013-12-28 17:19 - 2013-12-28 17:19 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-12-28 17:18 - 2013-12-28 17:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Western_Digital_Technolog
2013-12-28 16:57 - 2013-12-28 16:57 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Macromedia
2013-12-28 16:03 - 2014-01-03 05:01 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\Program Files\Western Digital
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-12-28 16:01 - 2013-12-28 16:57 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\com.wd.WDMyCloud
2013-12-28 16:01 - 2013-12-28 16:01 - 00001153 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2013-12-28 16:01 - 2013-12-28 16:01 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-12-28 16:00 - 2013-12-28 16:03 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-12-28 15:59 - 2013-12-28 16:03 - 00000000 ____D C:\ProgramData\Western Digital
2013-12-28 15:59 - 2013-12-28 15:59 - 00000204 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Learning Center.url
2013-12-28 15:59 - 2013-12-28 15:59 - 00000156 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Public Share.url
2013-12-28 15:59 - 2013-12-28 15:59 - 00000152 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Dashboard.url
2013-12-28 15:18 - 2013-12-28 17:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Western Digital
2013-12-22 17:57 - 2014-01-03 08:20 - 00000000 ____D C:\FRST
2013-12-22 16:09 - 2013-12-22 16:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-22 15:42 - 2013-12-22 15:45 - 00000000 ____D C:\AdwCleaner
2013-12-22 15:33 - 2013-12-22 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 15:13 - 2013-12-22 15:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 15:12 - 2013-12-22 15:26 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-17 10:48 - 2013-12-17 10:48 - 00072554 _____ C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart.htm
2013-12-17 10:48 - 2013-12-17 10:48 - 00000000 ____D C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart_files
2013-12-15 17:28 - 2013-12-15 17:28 - 00000000 ____D C:\ProgramData\Citrix
2013-12-15 17:23 - 2013-12-15 17:23 - 00000093 _____ C:\Users\Valued Customer\AppData\Roaming\ARCompanion.log
2013-12-15 15:33 - 2013-12-15 15:33 - 00026073 _____ C:\ComboFix.txt
2013-12-15 15:28 - 2013-12-15 15:33 - 00000000 ____D C:\Qoobox
2013-12-15 15:28 - 2013-12-15 15:33 - 00000000 ____D C:\ComboFix
2013-12-15 15:28 - 2013-12-15 15:32 - 00000000 ____D C:\Windows\erdnt
2013-12-15 15:28 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-15 15:28 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-15 15:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-15 15:28 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-15 15:11 - 2013-12-15 15:11 - 05154339 ____R (Swearware) C:\Users\Valued Customer\Desktop\ComboFix.exe
2013-12-13 06:25 - 2013-12-13 06:25 - 00001229 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction.notebook
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction (1).notebook
2013-12-12 05:15 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 05:15 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 05:15 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 05:15 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 05:15 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 05:15 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 05:15 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 05:15 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 05:15 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 05:15 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 05:15 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 05:15 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 05:15 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 05:15 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 05:15 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 05:15 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 05:15 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 05:15 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 05:15 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 05:15 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 05:15 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 05:15 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 05:15 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 05:15 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 05:15 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 05:15 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 05:15 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 05:15 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 05:15 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 05:15 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 05:15 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 05:15 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 05:15 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 05:15 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 05:15 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 08:28 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:28 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:28 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:28 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:28 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:28 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:28 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:28 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:28 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:28 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:28 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:28 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:28 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:28 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:28 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:28 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:28 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 08:28 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:28 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 10:47 - 2013-12-07 10:47 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Valued Customer\Desktop\Tcpview.exe
2013-12-07 09:04 - 2013-12-07 09:04 - 00688992 ____R (Swearware) C:\Users\Valued Customer\Desktop\dds.com
2013-12-05 20:21 - 2013-12-05 20:21 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2013-12-05 19:50 - 2013-12-05 20:21 - 00000000 ____D C:\ProgramData\Bitdefender
2013-12-05 19:50 - 2013-12-05 19:50 - 00253404 ____H C:\bdr-ld02
2013-12-05 19:50 - 2013-12-05 19:50 - 00009216 ____H C:\bdr-ld02.mbr
2013-12-05 19:50 - 2013-12-05 19:50 - 00002190 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00002071 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00000684 ____H C:\bdr-cf02
2013-12-05 19:50 - 2013-12-05 19:50 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Bitdefender
2013-12-05 19:50 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2013-12-05 19:50 - 2013-09-24 15:38 - 46879860 ____H C:\bdr-im02.gz
2013-12-05 19:50 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2013-12-05 19:50 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz02
2013-12-05 19:50 - 2013-08-07 12:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2013-12-05 19:50 - 2013-07-19 17:08 - 00601360 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2013-12-05 19:50 - 2013-07-19 17:04 - 00727592 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2013-12-05 19:20 - 2013-12-05 19:50 - 00000000 ____D C:\Program Files\Bitdefender
2013-12-05 19:18 - 2013-12-05 19:18 - 00296064 _____ C:\Windows\Minidump\120513-7488-01.dmp
2013-12-05 19:17 - 2013-12-05 19:17 - 00253404 ____H C:\bdr-ld01
2013-12-05 19:17 - 2013-12-05 19:17 - 00009216 ____H C:\bdr-ld01.mbr
2013-12-05 19:17 - 2013-12-05 19:17 - 00000684 ____H C:\bdr-cf01
2013-12-05 19:17 - 2013-09-24 15:38 - 46879860 ____H C:\bdr-im01.gz
2013-12-05 19:17 - 2013-08-13 12:38 - 03271472 ____H C:\bdr-bz01
 
==================== One Month Modified Files and Folders =======
 
2014-01-03 08:20 - 2013-12-22 17:57 - 00000000 ____D C:\FRST
2014-01-03 08:16 - 2013-11-01 21:00 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 07:03 - 2010-12-28 10:51 - 01920905 _____ C:\Windows\WindowsUpdate.log
2014-01-03 05:08 - 2009-07-13 23:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 05:08 - 2009-07-13 23:45 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 05:07 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 05:01 - 2013-12-28 16:03 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2014-01-03 05:01 - 2013-11-29 19:11 - 00010572 _____ C:\Windows\setupact.log
2014-01-03 05:01 - 2013-11-01 21:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 05:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 22:15 - 2013-11-29 18:20 - 00000000 ____D C:\Users\Public\CyberLink
2014-01-02 22:15 - 2013-11-29 18:11 - 00000000 ____D C:\Program Files (x86)\CyberLink
2014-01-02 07:38 - 2014-01-02 07:37 - 00000000 ____D C:\Program Files (x86)\PowerDirector12
2014-01-02 07:37 - 2014-01-02 07:37 - 00001271 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 12.lnk
2014-01-02 07:30 - 2014-01-02 07:28 - 645215712 _____ C:\Users\Valued Customer\Documents\PowerDirector_2109_GM2.5_Deluxe_VDE130917-03.exe
2014-01-02 07:24 - 2014-01-01 20:20 - 00001330 _____ C:\Users\Valued Customer\Desktop\CyberLink_PowerDirector_Downloader.lnk
2014-01-01 20:20 - 2013-10-22 09:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-01 19:38 - 2013-11-29 18:12 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2014-01-01 17:25 - 2014-01-01 17:24 - 217169424 _____ C:\Users\Valued Customer\Documents\PowerDirector_2420_GM4_Patch_Patch_VDE131113-01.exe
2014-01-01 17:22 - 2014-01-01 17:22 - 01029080 _____ (CyberLink) C:\Users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
2014-01-01 17:22 - 2010-12-28 10:51 - 00000000 ____D C:\Users\Valued Customer
2013-12-30 17:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-29 18:19 - 2013-12-29 18:19 - 00000000 ____D C:\Users\Valued Customer\Documents\Family Tree Maker
2013-12-29 18:18 - 2013-12-29 18:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\The_Generations_Network
2013-12-29 14:51 - 2013-11-11 21:13 - 00007599 _____ C:\Users\Valued Customer\AppData\Local\Resmon.ResmonCfg
2013-12-28 17:19 - 2013-12-28 17:19 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-12-28 17:18 - 2013-12-28 17:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Western_Digital_Technolog
2013-12-28 17:18 - 2013-12-28 15:18 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Western Digital
2013-12-28 16:57 - 2013-12-28 16:57 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Macromedia
2013-12-28 16:57 - 2013-12-28 16:01 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\com.wd.WDMyCloud
2013-12-28 16:08 - 2010-12-28 10:51 - 00000000 ___RD C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-28 16:07 - 2012-01-06 08:22 - 00299212 _____ C:\Windows\PFRO.log
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\Program Files\Western Digital
2013-12-28 16:03 - 2013-12-28 16:03 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-12-28 16:03 - 2013-12-28 16:00 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-12-28 16:03 - 2013-12-28 15:59 - 00000000 ____D C:\ProgramData\Western Digital
2013-12-28 16:03 - 2012-01-06 09:22 - 00031338 _____ C:\Windows\DPINST.LOG
2013-12-28 16:01 - 2013-12-28 16:01 - 00001153 _____ C:\Users\Public\Desktop\WD My Cloud.lnk
2013-12-28 16:01 - 2013-12-28 16:01 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-12-28 15:59 - 2013-12-28 15:59 - 00000204 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Learning Center.url
2013-12-28 15:59 - 2013-12-28 15:59 - 00000156 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Public Share.url
2013-12-28 15:59 - 2013-12-28 15:59 - 00000152 _____ C:\Users\Valued Customer\Desktop\WD My Cloud Dashboard.url
2013-12-24 06:50 - 2013-11-03 08:44 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Apple Computer
2013-12-22 16:09 - 2013-12-22 16:09 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-22 15:45 - 2013-12-22 15:42 - 00000000 ____D C:\AdwCleaner
2013-12-22 15:33 - 2013-12-22 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 15:30 - 2013-12-22 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 15:26 - 2013-12-22 15:12 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-17 10:48 - 2013-12-17 10:48 - 00072554 _____ C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart.htm
2013-12-17 10:48 - 2013-12-17 10:48 - 00000000 ____D C:\Users\Valued Customer\Documents\Just for Ponies Pony Tack Shop - Your Shopping Cart_files
2013-12-15 18:23 - 2013-10-09 11:31 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 18:22 - 2010-12-28 11:15 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 17:28 - 2013-12-15 17:28 - 00000000 ____D C:\ProgramData\Citrix
2013-12-15 17:28 - 2013-11-16 09:33 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Citrix
2013-12-15 17:28 - 2013-11-16 09:33 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-15 17:23 - 2013-12-15 17:23 - 00000093 _____ C:\Users\Valued Customer\AppData\Roaming\ARCompanion.log
2013-12-15 15:33 - 2013-12-15 15:33 - 00026073 _____ C:\ComboFix.txt
2013-12-15 15:33 - 2013-12-15 15:28 - 00000000 ____D C:\Qoobox
2013-12-15 15:33 - 2013-12-15 15:28 - 00000000 ____D C:\ComboFix
2013-12-15 15:33 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-12-15 15:32 - 2013-12-15 15:28 - 00000000 ____D C:\Windows\erdnt
2013-12-15 15:32 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-15 15:11 - 2013-12-15 15:11 - 05154339 ____R (Swearware) C:\Users\Valued Customer\Desktop\ComboFix.exe
2013-12-13 06:25 - 2013-12-13 06:25 - 00001229 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2013-12-13 06:25 - 2013-10-22 11:40 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction.notebook
2013-12-12 12:17 - 2013-12-12 12:17 - 00291952 _____ C:\Users\Valued Customer\Documents\Unit_review_money_and_subtraction (1).notebook
2013-12-12 11:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 05:17 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 05:17 - 2009-07-13 23:45 - 00295440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 14:42 - 2013-11-09 08:40 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Windows Live
2013-12-09 18:39 - 2013-10-22 09:44 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-07 10:47 - 2013-12-07 10:47 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Valued Customer\Desktop\Tcpview.exe
2013-12-07 09:04 - 2013-12-07 09:04 - 00688992 ____R (Swearware) C:\Users\Valued Customer\Desktop\dds.com
2013-12-06 16:38 - 2013-11-30 09:51 - 00197120 ___SH C:\Users\Valued Customer\Thumbs.db
2013-12-05 20:21 - 2013-12-05 20:21 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2013-12-05 20:21 - 2013-12-05 19:50 - 00000000 ____D C:\ProgramData\Bitdefender
2013-12-05 20:20 - 2013-11-21 05:48 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2013-12-05 20:20 - 2013-11-20 08:45 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2013-12-05 19:50 - 2013-12-05 19:50 - 00253404 ____H C:\bdr-ld02
2013-12-05 19:50 - 2013-12-05 19:50 - 00009216 ____H C:\bdr-ld02.mbr
2013-12-05 19:50 - 2013-12-05 19:50 - 00002190 _____ C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00002071 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Plus.lnk
2013-12-05 19:50 - 2013-12-05 19:50 - 00000684 ____H C:\bdr-cf02
2013-12-05 19:50 - 2013-12-05 19:50 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Bitdefender
2013-12-05 19:50 - 2013-12-05 19:20 - 00000000 ____D C:\Program Files\Bitdefender
2013-12-05 19:50 - 2013-11-01 20:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-12-05 19:18 - 2013-12-05 19:18 - 00296064 _____ C:\Windows\Minidump\120513-7488-01.dmp
2013-12-05 19:18 - 2013-11-16 07:22 - 608095958 _____ C:\Windows\MEMORY.DMP
2013-12-05 19:18 - 2013-11-16 07:22 - 00000000 ____D C:\Windows\Minidump
2013-12-05 19:17 - 2013-12-05 19:17 - 00253404 ____H C:\bdr-ld01
2013-12-05 19:17 - 2013-12-05 19:17 - 00009216 ____H C:\bdr-ld01.mbr
2013-12-05 19:17 - 2013-12-05 19:17 - 00000684 ____H C:\bdr-cf01
 
Files to move or delete:
====================
C:\Users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 06:29
 
==================== End Of Log ============================
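The "Drivers (Whitelisted)" and "One Month Created Files and Folders" sections above are what a helper reads first when triaging an FRST log. The following is an added example for this thread, not code from FRST or from the forum helper: it parses those two sections and flags drivers whose file is missing (`[x]`), binaries without publisher information, and executables created under user-writable paths. The sample input is a handful of lines copied from the log above; the section names, field layout and flag reasons are assumptions drawn from that log.

```python
"""Triage helper for the two FRST sections pasted in this thread.
Added example, not FRST's or the forum helper's code."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]

==================== One Month Created Files and Folders ========

2014-01-01 17:22 - 2014-01-01 17:22 - 01029080 _____ (CyberLink) C:\Users\Valued Customer\CyberLink_PowerDirector_Downloader.exe
2013-12-15 15:28 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-22 17:57 - 2014-01-03 08:20 - 00000000 ____D C:\FRST
2013-12-07 10:47 - 2013-12-07 10:47 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Valued Customer\Desktop\Tcpview.exe
2013-12-05 20:21 - 2013-12-05 20:21 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
"""

# "==== Section name ====" headers; the title must contain a letter so that a
# bare rule of '=' signs is not mistaken for a header.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z].*?)\s*=+$")

# "R0 name; path [size yyyy-mm-dd] (Company)"  or  "S3 name; path [x]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)"
    r"|\[(?P<missing>x)\])\s*$"
)

# "created - modified - size attrs (Company) path"; the company part is optional.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

EXECUTABLE_EXT = {"exe", "com", "dll", "sys", "scr", "ocx"}
# Locations a standard user can write to (assumed list); binaries created here
# deserve a second look even when they turn out to be legitimate installers.
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def triage_driver(line: str, section: str) -> List[Finding]:
    """Flag a driver whose backing file is missing or that names no publisher."""
    m = DRIVER_RE.match(line)
    if not m:
        return []
    if m.group("missing"):
        return [Finding(section, m.group("path"), "driver registered but file missing ([x])")]
    if m.group("company") == "":
        return [Finding(section, m.group("path"), "driver has no publisher information")]
    return []


def triage_file(line: str, section: str) -> List[Finding]:
    """Flag executables created in user-writable paths or lacking a publisher."""
    m = FILE_RE.match(line)
    if not m or "D" in m.group("attrs"):  # unparsable line, or a directory entry
        return []
    path = m.group("path")
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    if ext not in EXECUTABLE_EXT:
        return []
    out: List[Finding] = []
    if path.lower().startswith(USER_WRITABLE_ROOTS):
        out.append(Finding(section, path, "executable created in a user-writable location"))
    if m.group("company") is None:
        out.append(Finding(section, path, "executable without publisher information"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section.startswith("Drivers"):
            findings.extend(triage_driver(line, section))
        elif section.startswith("One Month Created"):
            findings.extend(triage_file(line, section))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.path}")
```

A flagged entry is a starting point for review, not a verdict: the downloader, Tcpview and ComboFix's helper files above are all flagged and all turn out to be explained by the thread.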

  • Root Admin

In reviewing this, these entries should already have been removed by the tools we've run.

 

Please run these again and make sure Bitdefender is disabled while they run.

 

Open MBAM and check for updates. Go to the Settings tab and click on Scanner Settings. Make sure that all 3 items are set to "Show in results list and check for removal".

Then go back to the Scanner tab and click on the Perform full scan and click the Scan button and do a full scan.  When done make sure you tell the program to remove all found threats.

 

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

 

Run TFC again

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Reboot the computer and let me know if you're still having any issues.

 


  1. MBAM updated
  2. Full scan ran; no malicious items were found
  3. Disconnected from internet
  4. Turned off BitDefender
  5. Ran AdwCleaner (AdwCleaner S1 report posted below)
  6. Ran TFC; 550MB of files cleaned; no reboot required

 # AdwCleaner v3.015 - Report created 03/01/2014 at 22:21:22

# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Valued Customer - AVA-407420-1
# Running from : G:\Malwarebytes' Anti-Malware\AdwCleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4486 octets] - [22/12/2013 15:42:54]
AdwCleaner[R1].txt - [922 octets] - [03/01/2014 22:18:30]
AdwCleaner[s0].txt - [4455 octets] - [22/12/2013 15:45:41]
AdwCleaner[s1].txt - [844 octets] - [03/01/2014 22:21:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [903 octets] ##########

I am not seeing any more signs of possible infection. Ever since I ran steps 3-7 back on 12-22-13, I've not seen any attempts to reach the website which started this process. I check the MBAM logs every day and they've been clean ever since. I typically run a quick scan each day and a full scan once a week. Of the various tools I've used throughout this process, are there any I should run on any type of a regular basis?

Thank you for all of your assistance in ridding my new machine of any possible infection.


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

[Screenshot: CF-Uninstall.png]

 
Remove the rest of the tools used:
 
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  1. Unable to uninstall ComboFix as directed; file could not be found/located when I attempted to run as instructed. I double-clicked hoping I'd be presented with an Uninstall tab/radio button but I wasn't, so I quickly closed the application. After some research, I renamed the file 'uninstall.exe' and then ran it, which appears to have removed the tool.
  2. Removed ESET antivirus from control panel. There was a file labeled mbamgui (ESET Smart Installer) that I simply deleted; I didn't run any type of 'Uninstall' on this file.
  3. AdwCleaner removed as instructed.
  4. OTCleanit ran as instructed and machine rebooted.

I'm still left with the following:

  1. Farbar Recovery Scan Tool (FRST64 and mbamscheduler files)
  2. Junkware Removal Tool (JRT file)
  3. System Look (SystemLook_64 file)
  4. TFC (TFC file)
  5. Chameleon
  6. Anti-Rootkit

I assume I retain Chameleon and Anti-Rootkit since they are additional tools within my MBAM PRO application that I have.  As for the others, do I simply right-click and delete them and that uninstalls them or are there other steps I need to take?

All previous restore points deleted and a new one created today, 5 Jan 2014

Java was not an enabled plug-in for my default browser which is Chrome.  


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

