Missoulian Posted January 28, 2014 ID:783681

Every time I attempt to run a full system scan with Malwarebytes my computer reboots unexpectedly midway through the process. Per Malwarebytes' suggestion I downloaded the dds.src file under the topic "I'm Infected - What to do Now?" discussion. Attached below are my two logs. Please help! Thanks!

Maniac Posted February 2, 2014 ID:785798

Hello Missoulian! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.
- Microsoft Security Essentials
- Trend Micro Worry-Free Business Security Agent

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. Please uninstall one of them. When you are done, please reboot your system.

Step 2

- Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Step 3

- Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button. Wait until it is finished.
- Click on Clean.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

- Launch Malwarebytes' Anti-Malware.
- Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to the Scanner tab and select Perform Full Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log

Root Admin AdvancedSetup Posted February 6, 2014 ID:787369

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

Root Admin AdvancedSetup Posted February 6, 2014 ID:787662

Topic reopen per user request.

Missoulian Posted February 6, 2014 Author ID:787668

Thank you for reopening! Here are the logs, I ran both JunkWare and AdwCleaner and then tried running a MBAM full system scan and it had found one error before I walked away and the machine rebooted. I also made sure I updated MBAM before running the scan. Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by rsimonson on Thu 02/06/2014 at 11:22:18.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\rsimonson\AppData\Roaming\mozilla\firefox\profiles\poqb40nw.default\extensions\staged

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/06/2014 at 11:31:55.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.018 - Report created 06/02/2014 at 11:41:36
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : rsimonson - REMUS-RYANS
# Running from : C:\Users\rsimonson\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\rsimonson\AppData\Roaming\Mozilla\Firefox\Profiles\poqb40nw.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\rsimonson\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1406 octets] - [29/01/2014 15:07:32]
AdwCleaner[R1].txt - [1041 octets] - [06/02/2014 11:39:51]
AdwCleaner[s0].txt - [1477 octets] - [29/01/2014 15:09:01]
AdwCleaner[s1].txt - [964 octets] - [06/02/2014 11:41:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1023 octets] ##########

# AdwCleaner v3.018 - Report created 06/02/2014 at 11:39:51
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : rsimonson - REMUS-RYANS
# Running from : C:\Users\rsimonson\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\rsimonson\AppData\Roaming\Mozilla\Firefox\Profiles\poqb40nw.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\rsimonson\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1406 octets] - [29/01/2014 15:07:32]
AdwCleaner[R1].txt - [843 octets] - [06/02/2014 11:39:51]
AdwCleaner[s0].txt - [1477 octets] - [29/01/2014 15:09:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [962 octets] ##########

Missoulian Posted February 6, 2014 Author ID:787671

I also uninstalled Security Essentials, I was unaware that having two could cause such problems. Thank you for the heads up!

Maniac Posted February 6, 2014 ID:787694

Please try to perform a full system scan now.

Missoulian Posted February 6, 2014 Author ID:787701

I ran a full system scan and it again rebooted midway through.

Maniac Posted February 6, 2014 ID:787703

Thanks for checking!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:
Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Missoulian Posted February 7, 2014 Author ID:787979

Here is the ComboFix log file:
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-02-07 09:27:16ComboFix-quarantined-files.txt 2014-02-07 16:27.Pre-Run: 72,579,919,872 bytes freePost-Run: 74,674,081,792 bytes free.- - End Of File - - CB09F80821612DD1605F6C054D2CF608 Link to post Share on other sites More sharing options...
Maniac Posted February 7, 2014 ID:788098

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
  Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
  Scan potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

Missoulian Posted February 7, 2014 Author ID:788128

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Users\rsimonson\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined

Maniac Posted February 9, 2014 ID:788716

Please update your Malwarebytes' Anti-Malware and perform a full system scan.

Missoulian Posted February 10, 2014 Author ID:789152

Hey Maniac,

Updated Malwarebytes and ran a full system scan and the computer again rebooted. Not sure if this helps, but it appears this is about where the scan was when the reboot initiated: C:\Windows\winsxs\Backup\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_97769b281ba398b8.manifest. I attempted to run a Malwarebytes scan of just this Backup folder and it reboots the computer after a few seconds and it is on these "nager-efi" files when the reboot occurs.

Thanks for all of your help!

Maniac Posted February 10, 2014 ID:789337

Please follow the instructions here: https://forums.malwarebytes.org/index.php?showtopic=10138&page=1entry417944

Reboot your system, update Malwarebytes' Anti-Malware and perform a full system scan.

Missoulian Posted February 11, 2014 Author ID:789719

I followed the three steps, rebooted, updated MBAM and ran a full system scan but it still rebooted. It rebooted in the same location: C:\Windows\winsxs\Backup\

Missoulian Posted February 11, 2014 Author ID:789780

I added C:\Windows\winsxs\Backup to the MBAM "Ignore List" and performed a full system scan and it was able to complete without rebooting. I would imagine this is not recommended but it is at least now able to perform a full system scan (minus this folder, of course).

Maniac Posted February 12, 2014 ID:789847

Nice work! Thanks for letting me know! So now everything is fine?

Missoulian Posted February 12, 2014 Author ID:790103

Yes, everything seems to be back to normal. Thanks again for all of your help, Maniac!! Much appreciated!

Maniac Posted February 12, 2014 ID:790277

Glad I could help!

Step 1
Download OTL to your desktop and run it.
Click on CleanUp button.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall
Confirm with Yes

Step 3
Please uninstall ESET Online Scanner.

Step 4
Some malware preventions: users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

AdvancedSetup (Root Admin) Posted February 19, 2014 ID:793481

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!