Jump to content

Recommended Posts

Hi, I've started getting this message about every five to ten minutes:

 

Malwarebytes Anti-Malware

Successfully blocked access to a potentially malicious website: 162.210.192.21

Type: outgoing

Port: 49927, Process: firefox.exe

 

Sometimes the Process is chrome, and at other times rundll32.exe

 

Any help would be appreciated!

 

***************************************************************************************************************************************************************************************

 

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by The Fontenrose at 12:09:39 on 2014-01-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.5809 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Users\The Fontenrose\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Amazon Cloud Player] C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\THEFON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\The Fontenrose\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\THEFON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\The Fontenrose\AppData\Roaming\Verizon\UA_ar\UA.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{8047FB0D-67F9-4FA9-86E4-39E8AC4B389E} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\gs_ena~1\assist~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: grreuaTsavEr: {77264820-986F-FB7D-77E5-EB37C246C3D4} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Fontenrose\AppData\Roaming\Mozilla\Firefox\Profiles\hrfohjtg.default\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\The Fontenrose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 066f0b2c;GS_Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-23 13592]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-7-14 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-23 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-31 15122208]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-1-23 113456]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-23 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-31 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-7-11 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-23 1255736]
.
=============== Created Last 30 ================
.
2014-01-01 17:12:24    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 17:10:18    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-01 17:03:18    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EE1C942-DDA9-4813-A91D-D79A0F58E449}\mpengine.dll
2013-12-31 22:29:35    --------    d-----w-    C:\ProgramData\QuickSet
2013-12-31 22:29:13    --------    d-----w-    C:\Program Files (x86)\GS_Enabler
2013-12-31 22:29:05    --------    d-----w-    C:\Users\The Fontenrose\AppData\Local\Packages
2013-12-31 22:29:05    --------    d-----w-    C:\ProgramData\grreuaTsavEr
2013-12-31 22:29:05    --------    d-----w-    C:\Program Files (x86)\grreuaTsavEr
2013-12-31 22:28:58    --------    d-----w-    C:\Users\The Fontenrose\AppData\Local\Torch
2013-12-31 22:28:58    --------    d-----w-    C:\Users\The Fontenrose\AppData\Local\Comodo
2013-12-31 22:28:58    --------    d-----w-    C:\ProgramData\89c334cc68d64dcf
2013-12-31 22:28:42    --------    d-----w-    C:\ProgramData\InstallMate
2013-12-31 15:36:05    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-24 07:28:35    --------    d-----w-    C:\Users\The Fontenrose\AppData\Local\PAYDAY 2
2013-12-19 17:25:53    --------    d-----w-    C:\Users\The Fontenrose\AppData\Roaming\Guild Wars 2
2013-12-13 23:53:47    --------    d-----w-    C:\Users\The Fontenrose\AppData\Local\Intelligent Cubes
2013-12-12 08:57:55    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:57:55    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:57:55    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 08:57:54    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 16:16:19    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 16:16:19    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 16:15:52    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 16:15:24    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 16:15:24    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 16:14:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 16:14:57    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 16:14:30    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 16:14:30    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 16:14:01    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 16:14:01    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 16:13:34    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 16:13:34    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 16:13:34    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 16:13:34    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 16:13:34    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 16:13:34    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 16:13:34    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-11 16:13:34    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-06 17:38:36    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCCB869F-3899-44C3-BA7B-6C5EAC4CBD9B}\gapaengine.dll
2013-12-05 05:40:07    --------    d-----w-    C:\Crash
2013-12-03 16:06:36    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2013-12-10 22:04:30    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:04:30    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-20 08:08:16    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-11-20 08:08:15    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-19 19:12:45    3123272    ----a-w-    C:\Windows\SysWow64\pbsvc.exe
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-04 22:44:52    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-23 10:30:23    696096    ----a-w-    C:\Windows\System32\NvFBC64.dll
2013-10-23 10:30:23    655136    ----a-w-    C:\Windows\System32\NvIFR64.dll
2013-10-23 10:30:23    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2013-10-23 10:30:23    599840    ----a-w-    C:\Windows\SysWow64\NvFBC.dll
2013-10-23 10:30:23    560416    ----a-w-    C:\Windows\SysWow64\NvIFR.dll
2013-10-23 10:30:23    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2013-10-23 10:30:23    317472    ----a-w-    C:\Windows\System32\nvoglshim64.dll
2013-10-23 10:30:23    266984    ----a-w-    C:\Windows\SysWow64\nvoglshim32.dll
2013-10-23 10:30:23    1884448    ----a-w-    C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433165.dll
2013-10-23 08:20:08    6669600    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03    3426956    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-10-18 01:36:05    1063200    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:04    955168    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 13:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
.
============= FINISH: 12:09:59.30 ===============
 

 

****************************************************************************************************************************************************************************************************************************
****************************************************************************************************************************************************************************************************************************
****************************************************************************************************************************************************************************************************************************
 
ATTACH.TXT
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/23/2013 12:12:52 AM
System Uptime: 1/1/2014 11:39:02 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V LE
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | LGA1155 | 1891/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 974.59 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 111.697 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP204: 12/26/2013 12:29:40 AM - Scheduled Checkpoint
RP205: 12/27/2013 9:59:49 AM - Windows Update
RP206: 12/31/2013 8:35:36 AM - Windows Update
.
==== Installed Programs ======================
.
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Age of Empires II: HD Edition
Alien Swarm
Amazon Cloud Player
Arma 3 Alpha
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin’s Creed IV Black Flag
Audacity 2.0.4
Avadon 2: The Corruption
Battlelog Web Plugins
BioShock 2
Borderlands 2
Brütal Legend
Cart Life
CCleaner
D3DX10
Desura
Desura: DataJack
Desura: Dominions 4: Thrones of Ascension
Dishonored
Dominions 4
Dropbox
Drox Operative 1.031
Dungeon Defenders
Dungeon of the Endless
Eldritch
Endless Space
ESN Sonar
Full Combat Rebalance 2 version 1.0
GeForce Experience NvStream Client Components
Google Chrome
Google Earth
Google Update Helper
Grim Dawn
GS_Supporter 1.80
Guacamelee! Gold Edition
Guild Wars 2
Intel® Rapid Storage Technology
Java 7 Update 45
Java Auto Updater
King Arthur's Gold
LAME v3.99.3 (for Windows)
Left 4 Dead 2
Logitech Webcam Software
LogMeIn Hamachi
LWS Webcam Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Monaco
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mumble 1.2.3
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.16
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
OpenAL
Origin
Paint.NET v3.5.11
Pandora - First Contact
PAYDAY 2
Photo Common
Photo Gallery
Pivot Pro Plugin
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Running with rifles version 0.92
SAMSUNG USB Driver for Mobile Phones
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SHIELD Streaming
SpeedRunners
Spelunky
State of Decay
Steam
SUABnR
Terraria
The Witcher 2: Assassins of Kings Enhanced Edition
Torchlight II
Trine 2
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
Valdis Story: Abyssal City
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VLC media player 2.0.6
Wargame: AirLand Battle
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
12/29/2013 9:28:28 AM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-NetworkAccessProtection/Operational.
12/25/2013 12:53:17 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/1/2014 11:39:21 AM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================
 
**************************************************************************************************************************************************************************************************
 
Thanks in advance for taking a look!
Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

 

Please uninstall all versions of Java and then read the following and post back the logs.

 


General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

Hi AdvancedSetup, thanks for your help. I've followed the steps as closely as possible, apologies in advance if I've made any mistakes along the way. Had some trouble getting RogueKiller working, but eventually figured it out after a few restarts and repeats of the process. Here are the results, both the Rkill and the RKreport.

 

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/02/2014 02:04:51 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (PID: 4036) [uP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/02/2014 02:05:56 AM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
 

 

**************************************************************************************************************************************************************************************************************************************************************************************

 

 

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : The Fontenrose [Admin rights]
Mode : Scan -- Date : 01/02/2014 02:07:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[The Fontenrose][sUSP UNIC] Verizon Wireless Software Utility Application for Android ??� Samsung.lnk : C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android ??� Samsung.lnk [-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) INTEL SSDSA2CW120G3 +++++
--- User ---
[MBR] 7d44965fc0735cbfa28e249ca3811e31
[bSP] 9f0b496f3ecd6e7885b55a7342ee906f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST31500341AS +++++
--- User ---
[MBR] 960175e205742ce1200e28ad18501ab5
[bSP] a8316ffaed31756a61cfd98692f78778 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_020754.txt >>

 

Link to post
Share on other sites

  • Root Admin

Looks okay so far...

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

Thanks for your continuing help!

 

Attached are the mbar-log.txt, system-log.txt, JRT.txt, AdwCleaner[R0].txt, AdwCleaner[s0].txt, mbm-log.txt, eset.txt, FRST.txt, and Addition.txt files. I'll break this into two or three posts, as it's too long for one.

 

mbar-log.txt

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
The Fontenrose :: THEFONTENROSE [administrator]

1/2/2014 9:13:15 AM
mbar-log-2014-01-02 (09-13-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 262362
Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

system-log.txt

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 8569102336, free: 5745528832

Downloaded database version: v2014.01.01.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/01/2014 10:12:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\PdiPorts.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009a2c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8008782050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009a2b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800877e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009a2c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a2bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009a2c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008782050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009a2b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80098729d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009a2b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800877e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DEF91072

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 234436608
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4066EBB5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 8569102336, free: 6048182272

Downloaded database version: v2014.01.02.02
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     01/02/2014 09:13:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\PdiPorts.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msctf.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009a4c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa80087a3050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009a4b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800879f050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009a4c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009a4c060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80087a3050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009a4b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a4bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009a4b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800879f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DEF91072

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4066EBB5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by The Fontenrose on Thu 01/02/2014 at  9:31:37.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\livesupport



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\The Fontenrose\appdata\local\torch"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\The Fontenrose\AppData\Roaming\mozilla\firefox\profiles\hrfohjtg.default\minidumps [108 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/02/2014 at  9:37:58.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner[R0].txt

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 09:43:13
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : The Fontenrose - THEFONTENROSE
# Running from : C:\Users\The Fontenrose\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\QuickSet
Folder Found C:\Users\UpdatusUser\AppData\Local\torch
Folder Found C:\Users\UpdatusUser\AppData\Local\torch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\The Fontenrose\AppData\Roaming\Mozilla\Firefox\Profiles\hrfohjtg.default\prefs.js ]



-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1829 octets] - [02/01/2014 09:43:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1889 octets] ##########
 

 

AdwCleaner[s0].txt

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 09:45:22
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : The Fontenrose - THEFONTENROSE
# Running from : C:\Users\The Fontenrose\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\The Fontenrose\AppData\Roaming\Mozilla\Firefox\Profiles\hrfohjtg.default\prefs.js ]



-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1985 octets] - [02/01/2014 09:43:13]
AdwCleaner[s0].txt - [1865 octets] - [02/01/2014 09:45:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1925 octets] ##########
 

 

 

Link to post
Share on other sites

mbam-log.txt

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
The Fontenrose :: THEFONTENROSE [administrator]

Protection: Enabled

1/2/2014 9:50:15 AM
mbam-log-2014-01-02 (09-50-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241927
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

eset.txt

 

C:\ProgramData\InstallMate\{F53D5002-F6D9-4497-A67C-BEFB2EDE72F4}\Custom.dll    Win32/InstalleRex.M application
C:\ProgramData\InstallMate\{FA31CB68-31E8-4D77-AF9C-79CA21D2E99E}\Custom.dll    Win32/InstalleRex.M application
C:\Users\All Users\InstallMate\{F53D5002-F6D9-4497-A67C-BEFB2EDE72F4}\Custom.dll    Win32/InstalleRex.M application
C:\Users\All Users\InstallMate\{FA31CB68-31E8-4D77-AF9C-79CA21D2E99E}\Custom.dll    Win32/InstalleRex.M application
C:\Users\The Fontenrose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ZIIUMLK\5emKI8Jcf[1].exe    a variant of Win32/AdWare.MultiPlug.M application
C:\Users\The Fontenrose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1L4U5K2\VjT6I18f[1].exe    a variant of Win32/AdWare.MultiPlug.M application
C:\Users\The Fontenrose\AppData\Local\Temp\{BE0D5AC6-1F8A-46B6-9D89-9CB52D19A861}\setup.exe    multiple threats
 

 

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by The Fontenrose at 2014-01-02 13:49:48
Running from C:\Users\The Fontenrose\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acer eDisplay Management (x32 Version: 1.37.007 - Portrait Displays, Inc.)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (x32 Version:  - Hidden Path Entertainment, Ensemble Studios)
Alien Swarm (x32 Version:  - Valve)
Amazon Cloud Player (HKCU Version: 1.5.0.341 - Amazon Services LLC)
Arma 3 Alpha (x32 Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.8.0 - Asmedia Technology)
Assassin’s Creed IV Black Flag (x32 Version:  - Ubisoft Montreal)
Audacity 2.0.4 (x32 Version: 2.0.4 - Audacity Team)
Avadon 2: The Corruption (x32 Version:  - Spiderweb Software)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Borderlands 2 (x32 Version:  - Gearbox Software)
Brütal Legend (x32 Version:  - Double Fine Productions)
Cart Life (x32 Version:  - )
CCleaner (Version: 4.09 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desura (x32 Version: 100.53 - Desura)
Desura: DataJack (x32 Version: Full - RSHAW)
Desura: Dominions 4: Thrones of Ascension (x32 Version: Full - Illwinter Game Design)
Dishonored (x32 Version: 1.0 - Bethesda Softworks)
Dominions 4 (x32 Version:  - )
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Drox Operative 1.031 (x32 Version:  - Soldak Entertainment, Inc.)
Dungeon Defenders (x32 Version:  - Trendy Entertainment)
Dungeon of the Endless (x32 Version:  - AMPLITUDE Studios)
Eldritch (x32 Version:  - Minor Key Games)
Endless Space (x32 Version:  - AMPLITUDE Studios)
ERUNT 1.1j (x32 Version:  - Lars Hederer)
ESET Online Scanner v3 (x32 Version:  - )
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Full Combat Rebalance 2 version 1.0 (x32 Version: 1.0 - Andrzej Kwiatkowski)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grim Dawn (x32 Version:  - )
GS_Supporter 1.80 (x32 Version:  - Verified Publisher) <==== ATTENTION
Guacamelee! Gold Edition (x32 Version:  - DrinkBox Studios)
Guild Wars 2 (x32 Version:  - NCsoft Corporation, Ltd.)
Intel® Rapid Storage Technology (x32 Version: 10.5.1.1001 - Intel Corporation)
King Arthur's Gold (x32 Version:  - )
LAME v3.99.3 (for Windows) (x32 Version:  - )
Left 4 Dead 2 (x32 Version:  - Valve)
Logitech Webcam Software (x32 Version: 2.51 - Logitech Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (x32 Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mumble 1.2.3 (x32 Version: 1.2.3 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7 (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
Origin (x32 Version: 9.1.12.73 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
Pandora - First Contact (x32 Version: 1.00 - Slitherine)
PAYDAY 2 (x32 Version:  - OVERKILL - a Starbreeze Studio.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Running with rifles version 0.92 (x32 Version: 0.92 - Modulaatio Games)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.32.010 - Portrait Displays, Inc.) Hidden
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
SpeedRunners (x32 Version:  - DoubleDutch Games)
Spelunky (x32 Version:  - )
State of Decay (x32 Version:  - Undead Labs)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUABnR (x32 Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.) Hidden
Terraria (x32 Version:  - )
The Witcher 2: Assassins of Kings Enhanced Edition (x32 Version:  - CD Projekt RED)
Torchlight II (x32 Version:  - Runic Games)
Trine 2 (x32 Version:  - )
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Uplay (x32 Version: 4.0 - Ubisoft)
Valdis Story: Abyssal City (x32 Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (x32 Version: 2.13.0903 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.13.0901 - Samsung Electronics Co., Ltd.)
VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)
Wargame: AirLand Battle (x32 Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777 - Xiph.Org)

==================== Restore Points  =========================

02-01-2014 07:39:33 Removed Java 7 Update 45

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E6EC3DA-25FC-409F-8C67-5DE98C7D3FBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {0E745F6E-0DC4-4E52-8246-C1B5830C7999} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
Task: {5A3534F3-3FC4-400B-98E4-D1A4485461A2} - System32\Tasks\Amazon Music Helper => C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-09-10] ()
Task: {6B91B88A-0750-437E-8FE4-FFC3260AC089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
Task: {ECAB3DA9-17A0-4DB9-AB0D-BFAECE0AD602} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-01-23 01:00 - 2012-04-13 12:19 - 00269616 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2013-12-31 15:29 - 2013-12-31 15:29 - 02759168 _____ () C:\Program Files (x86)\GS_Enabler\Assistant_x64.dll
2013-12-31 15:29 - 2013-12-31 15:29 - 03041792 _____ () C:\Program Files (x86)\GS_Enabler\Assistant.dll
2013-12-31 15:29 - 2013-12-31 15:29 - 00146768 _____ () C:\Program Files (x86)\GS_Enabler\AssistantSvc.dll
2013-03-12 16:10 - 2013-11-06 14:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-01-23 00:33 - 2013-12-11 12:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-23 00:33 - 2013-11-06 14:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-23 00:33 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-23 00:33 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-23 00:33 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\The Fontenrose\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-23 00:59 - 2012-04-13 11:56 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2013-01-23 01:00 - 2012-04-13 12:18 - 00121648 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
2013-12-11 01:58 - 2013-12-11 01:58 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-14 08:55 - 2013-08-14 08:55 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\79efa9f848ffabf9895b376add431def\IsdiInterop.ni.dll
2013-01-23 00:26 - 2011-05-19 15:34 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-10 15:04 - 2013-12-10 15:04 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39784078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39784078.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 01:37:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/02/2014 10:21:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 10:21:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2014 09:49:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/02/2014 09:47:23 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8172.13 MB
Available physical RAM: 5223.03 MB
Total Pagefile: 16342.45 MB
Available Pagefile: 13264.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.26 GB) (Free:978.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:111.79 GB) (Free:111.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: DEF91072)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 4066EBB5)
Partition 1: (Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

FRST.txt (1/2)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by The Fontenrose (administrator) on THEFONTENROSE on 02-01-2014 13:49:08
Running from C:\Users\The Fontenrose\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dropbox, Inc.) C:\Users\The Fontenrose\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-19] (Intel Corporation)
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT ACR] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_Startup.exe [121648 2012-04-13] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
MountPoints2: {a70e35c8-6533-11e2-a48d-806e6f6e6963} - E:\Bin\assetup.exe
MountPoints2: {cb759207-7137-11e2-a873-14dae9f55c75} - F:\LaunchU3.exe -a
MountPoints2: {fcd68b1d-1ed6-11e3-80f8-14dae9f55c75} - F:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\Program Files (x86)\GS_Enabler\Assistant_x64.dll [2759168 2013-12-31] ()
AppInit_DLLs-x32: c:\progra~2\gs_ena~1\assist~1.dll [3041792 2013-12-31] ()
Startup: C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\The Fontenrose\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\The Fontenrose\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=293224&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13D1E629B821CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {F3556222-D1FA-436A-9895-57DFE3BA1072} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {F3556222-D1FA-436A-9895-57DFE3BA1072} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
BHO: grreuaTsavEr - {77264820-986F-FB7D-77E5-EB37C246C3D4} - C:\Program Files (x86)\grreuaTsavEr\UCunK1Zr.x64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\The Fontenrose\AppData\Roaming\Mozilla\Firefox\Profiles\hrfohjtg.default
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox|https://forums.malwarebytes.org/index.php?showtopic=139465

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\The Fontenrose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======

CHR RestoreOnStartup: "https://mail.google.com/mail/#inbox", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gears.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement Web App) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (YouTube) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Don't Starve) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (Poppit) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Wallet) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\The Fontenrose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 066f0b2c; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
R2 066f0b2c; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-13] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138032 2012-04-13] (Portrait Displays, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-20] ()

==================== Drivers (Whitelisted) ====================

S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20784 2012-04-13] (Portrait Displays, Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 13:49 - 2014-01-02 13:49 - 00014230 _____ C:\Users\The Fontenrose\Downloads\FRST.txt
2014-01-02 13:49 - 2014-01-02 13:49 - 00000000 ____D C:\FRST
2014-01-02 13:48 - 2014-01-02 13:48 - 01931426 _____ (Farbar) C:\Users\The Fontenrose\Downloads\FRST64.exe
2014-01-02 13:48 - 2014-01-02 13:48 - 00000897 _____ C:\Users\The Fontenrose\Desktop\eset.txt
2014-01-02 10:21 - 2014-01-02 10:21 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-02 10:20 - 2014-01-02 10:21 - 02347384 _____ (ESET) C:\Users\The Fontenrose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 09:48 - 2014-01-02 09:48 - 00002021 _____ C:\Users\The Fontenrose\Desktop\AdwCleaner[s0].txt
2014-01-02 09:44 - 2014-01-02 09:44 - 00001985 _____ C:\Users\The Fontenrose\Desktop\AdwCleaner[R0].txt
2014-01-02 09:43 - 2014-01-02 09:45 - 00000000 ____D C:\AdwCleaner
2014-01-02 09:42 - 2014-01-02 09:42 - 01233962 _____ C:\Users\The Fontenrose\Downloads\AdwCleaner.exe
2014-01-02 09:42 - 2014-01-02 09:37 - 00002203 _____ C:\Users\The Fontenrose\Desktop\JRT - Copy.txt
2014-01-02 09:37 - 2014-01-02 09:37 - 00002203 _____ C:\Users\The Fontenrose\Desktop\JRT.txt
2014-01-02 09:31 - 2014-01-02 09:31 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 09:30 - 2014-01-02 09:30 - 01036305 _____ (Thisisu) C:\Users\The Fontenrose\Downloads\JRT.exe
2014-01-02 09:10 - 2014-01-02 09:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\The Fontenrose\Downloads\mbar-1.07.0.1008.exe
2014-01-02 02:07 - 2014-01-02 02:07 - 11048736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 02565736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00557848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00539240 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00396776 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00351520 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00134944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00130536 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020784 _____ (Portrait Displays, Inc.) C:\Windows\system32\Drivers\PdiPorts.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00002376 _____ C:\Users\The Fontenrose\Desktop\RKreport[0]_S_01022014_020754.txt
2014-01-02 02:06 - 2014-01-02 02:06 - 04406784 _____ C:\Users\The Fontenrose\Downloads\RogueKillerX64(1).exe
2014-01-02 00:44 - 2014-01-02 02:07 - 00000000 ____D C:\Users\The Fontenrose\Desktop\RK_Quarantine
2014-01-02 00:44 - 2014-01-02 00:44 - 04406784 _____ C:\Users\The Fontenrose\Downloads\RogueKillerX64.exe
2014-01-02 00:43 - 2014-01-02 02:03 - 00000000 ____D C:\Windows\ERDNT
2014-01-02 00:43 - 2014-01-02 00:43 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000924 _____ C:\Users\The Fontenrose\Desktop\NTREGOPT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000905 _____ C:\Users\The Fontenrose\Desktop\ERUNT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-02 00:42 - 2014-01-02 02:05 - 00002378 _____ C:\Users\The Fontenrose\Desktop\Rkill.txt
2014-01-02 00:42 - 2014-01-02 00:43 - 00791393 _____ (Lars Hederer                                                ) C:\Users\The Fontenrose\Downloads\erunt-setup.exe
2014-01-02 00:42 - 2014-01-02 00:42 - 00000000 ____D C:\Users\The Fontenrose\Desktop\rkill
2014-01-02 00:41 - 2014-01-02 00:41 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\The Fontenrose\Downloads\rkill.exe
2014-01-02 00:41 - 2014-01-02 00:41 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\The Fontenrose\Desktop\rkill.exe
2014-01-01 12:10 - 2014-01-01 12:10 - 00010915 _____ C:\Users\The Fontenrose\Desktop\attach.txt
2014-01-01 12:10 - 2014-01-01 12:09 - 00020439 _____ C:\Users\The Fontenrose\Desktop\dds.txt
2014-01-01 11:43 - 2014-01-01 11:43 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Valdis Story Abyssal City.url
2014-01-01 11:09 - 2014-01-01 11:09 - 00688992 ____R (Swearware) C:\Users\The Fontenrose\Desktop\dds.com
2014-01-01 10:12 - 2014-01-02 09:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 10:10 - 2014-01-02 09:11 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 10:09 - 2014-01-02 09:29 - 00000000 ____D C:\Users\The Fontenrose\Desktop\mbar
2014-01-01 10:09 - 2014-01-01 10:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\The Fontenrose\Desktop\mbar-1.07.0.1008.exe
2014-01-01 10:08 - 2014-01-02 00:44 - 04406784 _____ C:\Users\The Fontenrose\Desktop\RogueKillerX64.exe
2013-12-31 15:49 - 2013-12-31 15:52 - 104690742 _____ C:\Users\The Fontenrose\Desktop\Space-Biff! Investigative Board Game Reports- Clash of Cultures Edition.mp4
2013-12-31 15:49 - 2013-12-31 15:49 - 00010843 _____ C:\Users\The Fontenrose\Desktop\investigative board game reports.wlmp
2013-12-31 15:29 - 2014-01-01 11:37 - 00000000 ____D C:\ProgramData\grreuaTsavEr
2013-12-31 15:29 - 2013-12-31 17:10 - 00000000 ____D C:\Program Files (x86)\grreuaTsavEr
2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Packages
2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Program Files (x86)\GS_Enabler
2013-12-31 15:28 - 2013-12-31 15:33 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-31 15:28 - 2013-12-31 15:29 - 00000000 ____D C:\ProgramData\89c334cc68d64dcf
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator
2013-12-27 10:34 - 2013-12-27 10:34 - 95185272 _____ (GOG.com                                                     ) C:\Users\The Fontenrose\Desktop\setup_richard_and_alice_2.0.0.5.exe
2013-12-26 10:10 - 2013-12-26 10:10 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Guacamelee! Gold Edition.url
2013-12-25 18:40 - 2013-12-25 18:40 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Grim Dawn.url
2013-12-24 00:28 - 2013-12-24 00:28 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\PAYDAY 2
2013-12-23 11:28 - 2013-12-23 11:28 - 00000222 _____ C:\Users\The Fontenrose\Desktop\SpeedRunners.url
2013-12-22 15:16 - 2013-12-22 15:16 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Age of Empires II HD Edition.url
2013-12-21 21:54 - 2013-12-21 21:54 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Brtal Legend.url
2013-12-21 19:55 - 2013-12-21 19:55 - 00000222 _____ C:\Users\The Fontenrose\Desktop\PAYDAY 2.url
2013-12-19 10:25 - 2013-12-19 10:25 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Guild Wars 2
2013-12-13 16:53 - 2013-12-13 16:54 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Intelligent Cubes
2013-12-13 16:36 - 2013-12-13 16:40 - 00000000 ____D C:\Users\The Fontenrose\Documents\BattleWorldsKronos
2013-12-12 18:21 - 2013-12-12 18:21 - 00000000 ____D C:\Users\The Fontenrose\Documents\Dungeon of the Endless
2013-12-12 17:29 - 2013-12-12 17:29 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Endless Space.url
2013-12-12 17:24 - 2013-12-12 17:24 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Dungeon of the Endless.url
2013-12-12 01:57 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 01:57 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 01:57 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 01:57 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 01:56 - 2013-11-26 04:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 01:56 - 2013-11-26 03:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 01:56 - 2013-11-26 03:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 01:56 - 2013-11-26 03:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 01:56 - 2013-11-26 02:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 01:56 - 2013-11-26 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 01:56 - 2013-11-26 02:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 01:56 - 2013-11-26 02:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 01:56 - 2013-11-26 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 01:56 - 2013-11-26 02:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 01:56 - 2013-11-26 02:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 01:56 - 2013-11-26 02:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 01:56 - 2013-11-26 02:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 01:56 - 2013-11-26 02:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 01:56 - 2013-11-26 01:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 01:56 - 2013-11-26 01:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 01:56 - 2013-11-26 01:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 01:56 - 2013-11-26 01:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 01:56 - 2013-11-26 01:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 01:56 - 2013-11-26 01:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 01:56 - 2013-11-26 01:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
 

Link to post
Share on other sites

FRST.txt (2/2)

 

 

2013-12-12 01:56 - 2013-11-26 01:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 01:56 - 2013-11-26 00:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 01:56 - 2013-11-26 00:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 01:56 - 2013-11-26 00:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 01:56 - 2013-11-26 00:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 01:56 - 2013-11-25 23:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 01:56 - 2013-11-25 23:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 01:56 - 2013-11-25 23:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 01:56 - 2013-11-25 23:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 01:56 - 2013-11-25 23:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 09:16 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 09:16 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 09:15 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 09:15 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 09:15 - 2013-10-29 18:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 09:14 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 09:14 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 09:14 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 09:14 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 09:14 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 09:14 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 09:13 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 09:13 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 09:13 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 09:13 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 09:13 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 09:13 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 09:13 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 09:13 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 01:58 - 2013-12-11 01:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-10 15:00 - 2013-12-10 15:09 - 00000000 ____D C:\Users\The Fontenrose\Documents\RaceTheSunWorlds
2013-12-05 13:30 - 2013-12-05 13:30 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Dominions 4.url
2013-12-04 22:40 - 2013-12-04 22:40 - 00000000 ____D C:\Crash
2013-12-04 00:29 - 2013-12-04 00:42 - 00000000 ____D C:\Users\The Fontenrose\Documents\Baldur's Gate - Enhanced Edition
2013-12-03 23:41 - 2013-11-19 14:17 - 00000000 ____D C:\Users\The Fontenrose\Desktop\Neocolonialism
2013-12-03 09:06 - 2013-12-03 09:06 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-03 02:12 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 02:10 - 2013-12-03 02:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 02:10 - 2013-12-03 02:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 02:10 - 2013-12-03 02:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 02:10 - 2013-12-03 02:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 02:10 - 2013-12-03 02:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 02:10 - 2013-12-03 02:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 02:10 - 2013-12-03 02:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 02:09 - 2013-12-03 02:12 - 00007785 _____ C:\Windows\IE11_main.log

==================== One Month Modified Files and Folders =======

2014-01-02 13:49 - 2014-01-02 13:49 - 00014230 _____ C:\Users\The Fontenrose\Downloads\FRST.txt
2014-01-02 13:49 - 2014-01-02 13:49 - 00000000 ____D C:\FRST
2014-01-02 13:48 - 2014-01-02 13:48 - 01931426 _____ (Farbar) C:\Users\The Fontenrose\Downloads\FRST64.exe
2014-01-02 13:48 - 2014-01-02 13:48 - 00000897 _____ C:\Users\The Fontenrose\Desktop\eset.txt
2014-01-02 13:31 - 2013-01-23 00:24 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 13:04 - 2013-01-23 11:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 12:44 - 2013-01-23 00:12 - 02042420 _____ C:\Windows\WindowsUpdate.log
2014-01-02 11:51 - 2013-01-23 00:52 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Dropbox
2014-01-02 11:38 - 2013-01-23 00:24 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 10:21 - 2014-01-02 10:21 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-02 10:21 - 2014-01-02 10:20 - 02347384 _____ (ESET) C:\Users\The Fontenrose\Downloads\esetsmartinstaller_enu.exe
2014-01-02 09:54 - 2009-07-13 21:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 09:54 - 2009-07-13 21:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 09:53 - 2009-07-13 22:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 09:48 - 2014-01-02 09:48 - 00002021 _____ C:\Users\The Fontenrose\Desktop\AdwCleaner[s0].txt
2014-01-02 09:48 - 2013-01-23 00:55 - 00000000 ___RD C:\Users\The Fontenrose\Dropbox
2014-01-02 09:47 - 2013-11-03 12:02 - 00015558 _____ C:\Windows\setupact.log
2014-01-02 09:47 - 2013-07-14 20:48 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\LogMeIn Hamachi
2014-01-02 09:47 - 2013-01-23 00:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-02 09:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 09:45 - 2014-01-02 09:43 - 00000000 ____D C:\AdwCleaner
2014-01-02 09:44 - 2014-01-02 09:44 - 00001985 _____ C:\Users\The Fontenrose\Desktop\AdwCleaner[R0].txt
2014-01-02 09:42 - 2014-01-02 09:42 - 01233962 _____ C:\Users\The Fontenrose\Downloads\AdwCleaner.exe
2014-01-02 09:37 - 2014-01-02 09:42 - 00002203 _____ C:\Users\The Fontenrose\Desktop\JRT - Copy.txt
2014-01-02 09:37 - 2014-01-02 09:37 - 00002203 _____ C:\Users\The Fontenrose\Desktop\JRT.txt
2014-01-02 09:31 - 2014-01-02 09:31 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 09:30 - 2014-01-02 09:30 - 01036305 _____ (Thisisu) C:\Users\The Fontenrose\Downloads\JRT.exe
2014-01-02 09:29 - 2014-01-01 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 09:29 - 2014-01-01 10:09 - 00000000 ____D C:\Users\The Fontenrose\Desktop\mbar
2014-01-02 09:11 - 2014-01-01 10:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-02 09:10 - 2014-01-02 09:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\The Fontenrose\Downloads\mbar-1.07.0.1008.exe
2014-01-02 02:07 - 2014-01-02 02:07 - 11048736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 02565736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00557848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00539240 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00396776 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00351520 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00134944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00130536 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020784 _____ (Portrait Displays, Inc.) C:\Windows\system32\Drivers\PdiPorts.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 02:07 - 2014-01-02 02:07 - 00002376 _____ C:\Users\The Fontenrose\Desktop\RKreport[0]_S_01022014_020754.txt
2014-01-02 02:07 - 2014-01-02 00:44 - 00000000 ____D C:\Users\The Fontenrose\Desktop\RK_Quarantine
2014-01-02 02:06 - 2014-01-02 02:06 - 04406784 _____ C:\Users\The Fontenrose\Downloads\RogueKillerX64(1).exe
2014-01-02 02:05 - 2014-01-02 00:42 - 00002378 _____ C:\Users\The Fontenrose\Desktop\Rkill.txt
2014-01-02 02:03 - 2014-01-02 00:43 - 00000000 ____D C:\Windows\ERDNT
2014-01-02 00:44 - 2014-01-02 00:44 - 04406784 _____ C:\Users\The Fontenrose\Downloads\RogueKillerX64.exe
2014-01-02 00:44 - 2014-01-01 10:08 - 04406784 _____ C:\Users\The Fontenrose\Desktop\RogueKillerX64.exe
2014-01-02 00:43 - 2014-01-02 00:43 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000924 _____ C:\Users\The Fontenrose\Desktop\NTREGOPT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000905 _____ C:\Users\The Fontenrose\Desktop\ERUNT.lnk
2014-01-02 00:43 - 2014-01-02 00:43 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-02 00:43 - 2014-01-02 00:42 - 00791393 _____ (Lars Hederer                                                ) C:\Users\The Fontenrose\Downloads\erunt-setup.exe
2014-01-02 00:43 - 2013-01-23 00:13 - 00000000 ___RD C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-02 00:42 - 2014-01-02 00:42 - 00000000 ____D C:\Users\The Fontenrose\Desktop\rkill
2014-01-02 00:41 - 2014-01-02 00:41 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\The Fontenrose\Downloads\rkill.exe
2014-01-02 00:41 - 2014-01-02 00:41 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\The Fontenrose\Desktop\rkill.exe
2014-01-01 12:10 - 2014-01-01 12:10 - 00010915 _____ C:\Users\The Fontenrose\Desktop\attach.txt
2014-01-01 12:09 - 2014-01-01 12:10 - 00020439 _____ C:\Users\The Fontenrose\Desktop\dds.txt
2014-01-01 11:43 - 2014-01-01 11:43 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Valdis Story Abyssal City.url
2014-01-01 11:39 - 2013-12-01 10:53 - 00004506 _____ C:\Windows\PFRO.log
2014-01-01 11:37 - 2013-12-31 15:29 - 00000000 ____D C:\ProgramData\grreuaTsavEr
2014-01-01 11:09 - 2014-01-01 11:09 - 00688992 ____R (Swearware) C:\Users\The Fontenrose\Desktop\dds.com
2014-01-01 11:04 - 2013-10-10 16:08 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\uTorrent
2014-01-01 10:54 - 2013-07-12 12:49 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Dominions4
2014-01-01 10:09 - 2014-01-01 10:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\The Fontenrose\Desktop\mbar-1.07.0.1008.exe
2013-12-31 18:55 - 2013-01-23 11:50 - 00000000 ____D C:\Users\The Fontenrose\Documents\1- Space-Biff!
2013-12-31 17:46 - 2013-11-03 11:00 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-31 17:46 - 2013-11-03 11:00 - 00000000 ____D C:\Program Files\CCleaner
2013-12-31 17:10 - 2013-12-31 15:29 - 00000000 ____D C:\Program Files (x86)\grreuaTsavEr
2013-12-31 15:52 - 2013-12-31 15:49 - 104690742 _____ C:\Users\The Fontenrose\Desktop\Space-Biff! Investigative Board Game Reports- Clash of Cultures Edition.mp4
2013-12-31 15:49 - 2013-12-31 15:49 - 00010843 _____ C:\Users\The Fontenrose\Desktop\investigative board game reports.wlmp
2013-12-31 15:35 - 2013-01-25 13:49 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Paint.NET
2013-12-31 15:33 - 2013-12-31 15:28 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Packages
2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Program Files (x86)\GS_Enabler
2013-12-31 15:29 - 2013-12-31 15:28 - 00000000 ____D C:\ProgramData\89c334cc68d64dcf
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Guest
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Administrator
2013-12-31 15:28 - 2013-01-23 00:24 - 00000000 ___HD C:\Users\The Fontenrose\AppData\Local\Google
2013-12-31 15:06 - 2013-02-15 16:13 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Windows Live
2013-12-27 10:34 - 2013-12-27 10:34 - 95185272 _____ (GOG.com                                                     ) C:\Users\The Fontenrose\Desktop\setup_richard_and_alice_2.0.0.5.exe
2013-12-26 10:10 - 2013-12-26 10:10 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Guacamelee! Gold Edition.url
2013-12-25 19:26 - 2013-01-23 13:47 - 00000000 ____D C:\Users\The Fontenrose\Documents\My Games
2013-12-25 18:40 - 2013-12-25 18:40 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Grim Dawn.url
2013-12-24 01:18 - 2013-03-31 14:00 - 00000000 ____D C:\Users\The Fontenrose\Documents\Spiderweb Software
2013-12-24 01:08 - 2013-05-19 22:28 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Mumble
2013-12-24 00:28 - 2013-12-24 00:28 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\PAYDAY 2
2013-12-23 16:02 - 2013-02-06 13:59 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-12-23 16:01 - 2013-02-06 13:59 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-12-23 15:58 - 2013-01-23 00:58 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-23 13:26 - 2013-04-04 09:05 - 00000000 ____D C:\Users\The Fontenrose\Documents\SavedGames
2013-12-23 11:28 - 2013-12-23 11:28 - 00000222 _____ C:\Users\The Fontenrose\Desktop\SpeedRunners.url
2013-12-22 16:30 - 2013-09-09 10:40 - 00000000 ____D C:\Users\The Fontenrose\Desktop\Afterlife
2013-12-22 15:16 - 2013-12-22 15:16 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Age of Empires II HD Edition.url
2013-12-22 00:21 - 2013-02-13 21:30 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-21 21:54 - 2013-12-21 21:54 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Brtal Legend.url
2013-12-21 19:55 - 2013-12-21 19:55 - 00000222 _____ C:\Users\The Fontenrose\Desktop\PAYDAY 2.url
2013-12-19 10:25 - 2013-12-19 10:25 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Guild Wars 2
2013-12-19 10:25 - 2013-03-27 10:25 - 00000000 ____D C:\Users\The Fontenrose\Documents\Guild Wars 2
2013-12-18 13:31 - 2013-01-23 00:55 - 00001006 _____ C:\Users\The Fontenrose\Desktop\Dropbox.lnk
2013-12-18 13:31 - 2013-01-23 00:53 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-16 01:39 - 2013-08-14 01:21 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 01:38 - 2013-01-23 14:34 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 16:54 - 2013-12-13 16:53 - 00000000 ____D C:\Users\The Fontenrose\AppData\Local\Intelligent Cubes
2013-12-13 16:53 - 2013-01-26 22:45 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-13 16:53 - 2013-01-26 22:45 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-13 16:40 - 2013-12-13 16:36 - 00000000 ____D C:\Users\The Fontenrose\Documents\BattleWorldsKronos
2013-12-13 01:32 - 2013-04-04 11:57 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-13 01:32 - 2013-01-23 00:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 18:21 - 2013-12-12 18:21 - 00000000 ____D C:\Users\The Fontenrose\Documents\Dungeon of the Endless
2013-12-12 17:29 - 2013-12-12 17:29 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Endless Space.url
2013-12-12 17:24 - 2013-12-12 17:24 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Dungeon of the Endless.url
2013-12-12 11:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 09:51 - 2009-07-13 21:45 - 00321272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 01:57 - 2013-01-23 11:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 09:15 - 2013-01-23 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 01:58 - 2013-12-11 01:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 01:50 - 2013-10-15 14:11 - 00000000 ____D C:\Users\The Fontenrose\Desktop\ebay
2013-12-10 15:09 - 2013-12-10 15:00 - 00000000 ____D C:\Users\The Fontenrose\Documents\RaceTheSunWorlds
2013-12-10 15:04 - 2013-01-23 11:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 15:04 - 2013-01-23 11:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 15:04 - 2013-01-23 11:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-09 23:38 - 2013-08-19 00:54 - 00000000 ____D C:\Users\The Fontenrose\Documents\Emilie
2013-12-06 11:26 - 2013-01-23 00:24 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 11:26 - 2013-01-23 00:24 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 15:28 - 2013-01-23 00:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-05 13:30 - 2013-12-05 13:30 - 00000222 _____ C:\Users\The Fontenrose\Desktop\Dominions 4.url
2013-12-04 22:40 - 2013-12-04 22:40 - 00000000 ____D C:\Crash
2013-12-04 00:42 - 2013-12-04 00:29 - 00000000 ____D C:\Users\The Fontenrose\Documents\Baldur's Gate - Enhanced Edition
2013-12-03 23:41 - 2013-02-07 13:54 - 00000000 ____D C:\Users\The Fontenrose\Desktop\Little Things
2013-12-03 13:07 - 2013-01-29 16:21 - 00000000 ____D C:\Users\The Fontenrose\AppData\Roaming\vlc
2013-12-03 09:06 - 2013-12-03 09:06 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-03 09:06 - 2013-07-14 20:48 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-12-03 09:06 - 2013-01-23 00:13 - 00001413 _____ C:\Users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 09:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 02:12 - 2013-12-03 02:09 - 00007785 _____ C:\Windows\IE11_main.log
2013-12-03 02:10 - 2013-12-03 02:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 02:10 - 2013-12-03 02:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 02:10 - 2013-12-03 02:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 02:10 - 2013-12-03 02:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 02:10 - 2013-12-03 02:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 02:10 - 2013-12-03 02:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 02:10 - 2013-12-03 02:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 02:10 - 2013-12-03 02:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 02:10 - 2013-12-03 02:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\The Fontenrose\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\The Fontenrose\AppData\Local\Temp\ntdll_dump.dll
C:\Users\The Fontenrose\AppData\Local\Temp\Quarantine.exe
C:\Users\The Fontenrose\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 09:00

==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

Thanks for the continuing help... Here's the fixlog.txt:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by The Fontenrose at 2014-01-02 14:29:54 Run:1
Running from C:\Users\The Fontenrose\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
Task: {0E745F6E-0DC4-4E52-8246-C1B5830C7999} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
Task: {6B91B88A-0750-437E-8FE4-FFC3260AC089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
MountPoints2: {a70e35c8-6533-11e2-a48d-806e6f6e6963} - E:\Bin\assetup.exe
MountPoints2: {cb759207-7137-11e2-a873-14dae9f55c75} - F:\LaunchU3.exe -a
MountPoints2: {fcd68b1d-1ed6-11e3-80f8-14dae9f55c75} - F:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\Program Files (x86)\GS_Enabler\Assistant_x64.dll [2759168 2013-12-31] ()
AppInit_DLLs-x32: c:\progra~2\gs_ena~1\assist~1.dll [3041792 2013-12-31] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.yahoo....&type=293224&p={searchTerms}
SearchScopes: HKCU - {F3556222-D1FA-436A-9895-57DFE3BA1072} URL = http://search.yahoo....&type=293224&p={searchTerms}
BHO: grreuaTsavEr - {77264820-986F-FB7D-77E5-EB37C246C3D4} - C:\Program Files (x86)\grreuaTsavEr\UCunK1Zr.x64.dll No File
R2 066f0b2c; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
R2 066f0b2c; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-13] (Microsoft Corporation)
C:\Users\The Fontenrose\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\The Fontenrose\AppData\Local\Temp\ntdll_dump.dll
C:\Users\The Fontenrose\AppData\Local\Temp\Quarantine.exe
C:\Users\The Fontenrose\AppData\Local\Temp\sonarinst.exe

*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E745F6E-0DC4-4E52-8246-C1B5830C7999} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E745F6E-0DC4-4E52-8246-C1B5830C7999} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91B88A-0750-437E-8FE4-FFC3260AC089} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91B88A-0750-437E-8FE4-FFC3260AC089} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a70e35c8-6533-11e2-a48d-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{a70e35c8-6533-11e2-a48d-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb759207-7137-11e2-a873-14dae9f55c75} => Key deleted successfully.
HKCR\CLSID\{cb759207-7137-11e2-a873-14dae9f55c75} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcd68b1d-1ed6-11e3-80f8-14dae9f55c75} => Key deleted successfully.
HKCR\CLSID\{fcd68b1d-1ed6-11e3-80f8-14dae9f55c75} => Key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3556222-D1FA-436A-9895-57DFE3BA1072} => Key deleted successfully.
HKCR\CLSID\{F3556222-D1FA-436A-9895-57DFE3BA1072} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77264820-986F-FB7D-77E5-EB37C246C3D4} => Key deleted successfully.
HKCR\CLSID\{77264820-986F-FB7D-77E5-EB37C246C3D4} => Key deleted successfully.
066f0b2c => Service deleted successfully.
066f0b2c => Service not found.
C:\Users\The Fontenrose\AppData\Local\Temp\LiveSupport_setup.exe => Moved successfully.
C:\Users\The Fontenrose\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\The Fontenrose\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\The Fontenrose\AppData\Local\Temp\sonarinst.exe => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Please uninstall ALL versions of Java from your Control Panel, Add\Remove
 
Then run the following
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

Then restart the computer and run the following

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Link to post
Share on other sites

I did the first step, though the TFC website said it was offline.

 

Here's the JavaRa.txt:

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 02 15:54:53 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.


 

Link to post
Share on other sites

  • Root Admin

No, that's fine if you already got TFC

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

Okay, I ran ComboFix successfully. Here's the log report:

 

ComboFix 14-01-01.01 - The Fontenrose 01/02/2014  17:20:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.5438 [GMT -7:00]
Running from: c:\users\The Fontenrose\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Recent\Leviathan Warships.url
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-03 to 2014-01-03  )))))))))))))))))))))))))))))))
.
.
2014-01-03 00:25 . 2014-01-03 00:25    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-01-03 00:25 . 2014-01-03 00:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-02 21:43 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B038E684-ECCE-427F-AE0B-BBD123310218}\mpengine.dll
2014-01-02 20:49 . 2014-01-02 21:29    --------    d-----w-    C:\FRST
2014-01-02 17:21 . 2014-01-02 17:21    --------    d-----w-    c:\program files (x86)\ESET
2014-01-02 16:43 . 2014-01-02 16:45    --------    d-----w-    C:\AdwCleaner
2014-01-02 16:31 . 2014-01-02 16:31    --------    d-----w-    c:\windows\ERUNT
2014-01-02 07:43 . 2014-01-02 07:43    --------    d-----w-    c:\program files (x86)\ERUNT
2014-01-01 17:12 . 2014-01-02 16:29    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-01 17:10 . 2014-01-02 16:11    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-01 17:03 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-31 22:29 . 2013-12-31 22:29    --------    d-----w-    c:\program files (x86)\GS_Enabler
2013-12-31 22:29 . 2014-01-01 18:37    --------    d-----w-    c:\programdata\grreuaTsavEr
2013-12-31 22:29 . 2014-01-01 00:10    --------    d-----w-    c:\program files (x86)\grreuaTsavEr
2013-12-31 22:29 . 2013-12-31 22:29    --------    d-----w-    c:\users\The Fontenrose\AppData\Local\Packages
2013-12-31 22:28 . 2013-12-31 22:29    --------    d-----w-    c:\programdata\89c334cc68d64dcf
2013-12-31 22:28 . 2013-12-31 22:28    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\Google
2013-12-31 22:28 . 2013-12-31 22:28    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\Comodo
2013-12-31 22:28 . 2013-12-31 22:28    --------    d-----w-    c:\users\The Fontenrose\AppData\Local\Comodo
2013-12-31 22:28 . 2013-12-31 22:28    --------    d-----w-    c:\users\Guest
2013-12-31 22:28 . 2013-12-31 22:28    --------    d-----w-    c:\users\Administrator
2013-12-31 22:28 . 2013-12-31 22:33    --------    d-----w-    c:\programdata\InstallMate
2013-12-24 07:28 . 2013-12-24 07:28    --------    d-----w-    c:\users\The Fontenrose\AppData\Local\PAYDAY 2
2013-12-19 17:25 . 2013-12-19 17:25    --------    d-----w-    c:\users\The Fontenrose\AppData\Roaming\Guild Wars 2
2013-12-13 23:53 . 2013-12-13 23:54    --------    d-----w-    c:\users\The Fontenrose\AppData\Local\Intelligent Cubes
2013-12-12 08:57 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 08:57 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:57 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:57 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:57 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-11 16:16 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 16:16 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-11 16:15 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 16:15 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-11 16:15 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 16:14 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 16:14 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-11 16:14 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 16:14 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-11 16:14 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 16:14 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 16:13 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 16:13 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 16:13 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-11 16:13 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-11 16:13 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 16:13 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 16:13 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-11 16:13 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-06 17:38 . 2013-10-18 17:16    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCCB869F-3899-44C3-BA7B-6C5EAC4CBD9B}\gapaengine.dll
2013-12-05 05:40 . 2013-12-05 05:40    --------    d-----w-    C:\Crash
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-16 08:38 . 2013-01-23 21:34    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-10 22:04 . 2013-01-23 18:27    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:04 . 2013-01-23 18:27    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-03 09:10 . 2013-12-03 09:10    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 09:10 . 2013-12-03 09:10    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-03 09:10 . 2013-12-03 09:10    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 09:10 . 2013-12-03 09:10    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-03 09:10 . 2013-12-03 09:10    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-03 09:10 . 2013-12-03 09:10    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 09:10 . 2013-12-03 09:10    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-03 09:10 . 2013-12-03 09:10    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-03 09:10 . 2013-12-03 09:10    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-03 09:10 . 2013-12-03 09:10    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-03 09:10 . 2013-12-03 09:10    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-03 09:10 . 2013-12-03 09:10    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 09:10 . 2013-12-03 09:10    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 09:10 . 2013-12-03 09:10    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 09:10 . 2013-12-03 09:10    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-12-03 09:10 . 2013-12-03 09:10    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 09:10 . 2013-12-03 09:10    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-03 09:10 . 2013-12-03 09:10    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-12-03 09:10 . 2013-12-03 09:10    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-03 09:10 . 2013-12-03 09:10    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-03 09:10 . 2013-12-03 09:10    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-03 09:10 . 2013-12-03 09:10    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-03 09:10 . 2013-12-03 09:10    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-03 09:10 . 2013-12-03 09:10    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-12-03 09:10 . 2013-12-03 09:10    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 09:10 . 2013-12-03 09:10    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 09:10 . 2013-12-03 09:10    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 09:10 . 2013-12-03 09:10    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-03 09:10 . 2013-12-03 09:10    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-03 09:10 . 2013-12-03 09:10    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-03 09:10 . 2013-12-03 09:10    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-12-03 09:10 . 2013-12-03 09:10    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-03 09:10 . 2013-12-03 09:10    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-03 09:10 . 2013-12-03 09:10    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-03 09:10 . 2013-12-03 09:10    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-03 09:10 . 2013-12-03 09:10    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-03 09:10 . 2013-12-03 09:10    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-03 09:10 . 2013-12-03 09:10    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-03 09:10 . 2013-12-03 09:10    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 09:10 . 2013-12-03 09:10    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-03 09:10 . 2013-12-03 09:10    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-03 09:10 . 2013-12-03 09:10    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-03 09:10 . 2013-12-03 09:10    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-03 09:10 . 2013-12-03 09:10    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-03 09:10 . 2013-12-03 09:10    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-03 09:10 . 2013-12-03 09:10    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-12-03 09:10 . 2013-12-03 09:10    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-03 09:10 . 2013-12-03 09:10    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-03 09:10 . 2013-12-03 09:10    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-03 09:10 . 2013-12-03 09:10    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-03 09:10 . 2013-12-03 09:10    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-03 09:10 . 2013-12-03 09:10    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-03 09:10 . 2013-12-03 09:10    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-03 09:10 . 2013-12-03 09:10    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-03 09:10 . 2013-12-03 09:10    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-12-03 09:10 . 2013-12-03 09:10    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-03 09:10 . 2013-12-03 09:10    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-03 09:10 . 2013-12-03 09:10    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-03 09:10 . 2013-12-03 09:10    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-20 08:08 . 2013-05-30 23:04    189248    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2013-11-20 08:08 . 2013-05-30 23:04    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2013-11-19 19:12 . 2013-11-20 08:08    3123272    ----a-w-    c:\windows\SysWow64\pbsvc.exe
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-04 22:44 . 2013-05-30 23:04    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2013-10-23 10:30 . 2013-11-01 03:08    696096    ----a-w-    c:\windows\system32\NvFBC64.dll
2013-10-23 10:30 . 2013-11-01 03:08    655136    ----a-w-    c:\windows\system32\NvIFR64.dll
2013-10-23 10:30 . 2013-11-01 03:08    599840    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2013-10-23 10:30 . 2013-11-01 03:08    560416    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2013-10-23 10:30 . 2013-11-01 03:08    317472    ----a-w-    c:\windows\system32\nvoglshim64.dll
2013-10-23 10:30 . 2013-11-01 03:08    266984    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2013-10-23 10:30 . 2013-11-01 03:08    1884448    ----a-w-    c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-11-01 03:08    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-01-23 07:43    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2013-01-23 07:43    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-10-23 08:20 . 2013-01-23 07:43    6669600    ----a-w-    c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-01-23 07:43    3489568    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-01-23 07:43    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-01-23 07:43    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-01-23 07:43    219424    ----a-w-    c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-01-23 07:43    3426956    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-10-18 17:16 . 2013-03-12 16:47    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-18 01:36 . 2013-11-01 03:11    1063200    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-10-18 01:36 . 2013-11-01 03:11    955168    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-10-16 16:06 . 2013-10-16 16:06    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-15 01:00 . 2013-12-03 09:12    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 18:21    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 18:21    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 18:21    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 18:21    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 18:21    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 18:23    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 18:23    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Amazon Cloud Player"="c:\users\The Fontenrose\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-09-11 3109376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2012-04-13 121648]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\The Fontenrose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\The Fontenrose\AppData\Roaming\Verizon\UA_ar\UA.exe [2013-9-6 871280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 22:25    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\The Fontenrose\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\The Fontenrose\AppData\Roaming\Mozilla\Firefox\Profiles\hrfohjtg.default\


.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-39784078.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-NVIDIAStereo - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1517359867-775996686-359867435-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,05,08,20,1f,14,8e,50,b4,fc,1b,93,ee,f8,1c,2c,47,61,be,24,43,
   9b,af,b8,41,19,33,40,cc,13,97,0f,70,bd,a4,8e,46,89,4a,0b,06,a6,d8,05,65,0f,\
"rkeysecu"=hex:55,6e,79,85,4e,dc,68,50,63,79,38,24,55,93,54,d3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-02  17:26:31
ComboFix-quarantined-files.txt  2014-01-03 00:26
.
Pre-Run: 1,051,026,739,200 bytes free
Post-Run: 1,050,629,251,072 bytes free
.
- - End Of File - - F0297D83BC2A264EEC59C7F49F85BCD8
 

Link to post
Share on other sites

  • Root Admin

How is the computer running now?

 

Are there still any signs of an infection or anymore IP blocks?

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

Link to post
Share on other sites

My system seems to be running more smoothly, and Malwarebytes hasn't blocked any IPs since the battery of scans and fixes this morning.  Thanks so much for your help! Here's the checkup.txt:

 

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.