
possible rootkit from the tor browser bundle



I was all over the onion sites through Tor to see what was on there, and a couple of weeks later the computer started acting funny. I ran Malwarebytes and it came back with infections. On the reboot I could not log on to the computer; it said the user profile cannot be loaded. I used the Hiren's disk to boot into Mini XP, ran GMER and got back I386\system32\ntkrnlmp.exe kernel module suspicious modification. That was the only one I wrote down; I was planning on running GMER again when it wouldn't let me. A lot of stuff that worked on the Hiren's disk started not letting me do it, and came back with the error "the system cannot find the file", as if everything was being erased or something. I also saw some callbacks. It would not let me reinstall a new operating system; I couldn't access the C:\ drive, it wasn't even there. I reformatted the hard drive and reinstalled. I ran HijackThis and this is what I got back:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:54:39 PM, on 3/5/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\HBCD\HBCDMenu.exe
C:\Users\robin\AppData\Local\Temp\HBCD\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hiren.info)(2012-11-07 00:00:00)
 
---- Files - GMER 2.1 ----
 
File     C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001e0                                                                                                                   26375 bytes
File     C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000445                                                                                                                   0 bytes
File     C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000019.log                                                                                                       0 bytes
File     C:\Windows\SoftwareDistribution\Download\59b911c0719d958424025d101dcd58da                                                                                                                     0 bytes
File     C:\Windows\SoftwareDistribution\Download\59b911c0719d958424025d101dcd58da\$dpx$.tmp                                                                                                           0 bytes
 
---- EOF - GMER 2.1 ----
In the registry scan part of GMER, under HKEY_LOCAL_MACHINE all of the SAM files are red, all of the SECURITY files are red, and under SOFTWARE the ATI Technologies entries are red, tdbg_trace is red, and Wow6432Node is red. Could somebody let me know what's going on? ..Robin

  • Staff

Hello robinredd

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
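Once FRST.txt is in hand, a helper reads it by line shape: services and drivers, Run keys, and the one-month created-files list. As an added example (not part of this thread, and not FRST's own code), here is a small Python triage pass over lines in those three shapes, using lines taken from the log robinredd posts below; the regular expressions are assumptions based on that layout, since FRST publishes no formal grammar for its output, and the rules only flag entries worth a second look, not verdicts.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not code from FRST or from the forum.
The three line shapes parsed here (Services/Drivers, Run keys, and
"One Month Created Files") are assumed from the layout of the log
posted in this thread; FRST publishes no formal grammar for its output.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# "R3 name; C:\path\file.sys [size yyyy-mm-dd] (Publisher)"
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>.*)\)\s*$"
)
# "HKLM-x32\...\Run: [Name] - C:\path\file.exe [size date] (Publisher)"
# The bracketed details are optional; the Conime entry in the posted log has none.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:-x32)?)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+-\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>.*)\))?\s*$"
)
# "created - modified - size attrs (Publisher) C:\path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<vendor>.*?)\) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".sys", ".dll")


@dataclass
class Finding:
    kind: str
    path: str
    reason: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        m = SVC_RE.match(line)
        if m:
            # Service/driver whose file carries no publisher name: verify it.
            if not m["vendor"].strip():
                findings.append(Finding(
                    "service/driver", m["path"],
                    f"{m['name']} ({m['state']}) has no publisher name recorded"))
            continue
        m = RUN_RE.match(line)
        if m:
            # Autorun value with no [size date] block: the target needs checking.
            if m["size"] is None:
                findings.append(Finding(
                    "autorun", m["path"],
                    f"{m['name']} under {m['hive']} has no [size date] details; "
                    "check whether the target file exists"))
            continue
        m = FILE_RE.match(line)
        if m:
            # Recently created executable in system32 with no publisher name.
            path, low = m["path"], m["path"].lower()
            if (low.endswith(EXEC_EXT) and "\\windows\\system32\\" in low
                    and not m["vendor"].strip()):
                findings.append(Finding(
                    "new file", path,
                    f"executable created {m['created']} in system32 with no publisher name"))
            continue
    return findings


# Lines copied from the FRST log posted later in this thread; they are
# sample input for this example, not a complete log.
SAMPLE_LOG = r"""
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [13312 2013-12-09] (LXD Development, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
2014-02-23 04:16 - 2012-08-20 07:48 - 02966720 _____ () C:\Windows\system32\pwNative.exe
2014-03-05 18:16 - 2014-02-04 20:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-06 04:53 - 2014-03-06 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-19934109.txt
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.path}: {f.reason}")
```

A flagged line only means the helper should confirm what the file is (for example by its hash or by who installed it); a missing publisher name is common for legitimate tool drivers as well.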

Thank you for answering my post. I read your post and I will not run any more scans, only the one you tell me to run. I ran the scan you told me to and saved the logs to my desktop, opened them, highlighted and copied them, and pasted them here. I haven't been on this computer since I posted this; I've been on my other laptop. I didn't want to cause any further damage if the rootkit is still there. I don't know what to look for; I wanted somebody that knows what they're doing in that area. All I know is that stuff came back on the GMER scan and nothing comes back on my other laptop when I scan it.

I have never had a virus like that one that literally took control of my laptop. I had to have somebody take my hard drive out and reformat it. And I remember how fast the virus went from showing signs to not being able to do anything, not even reinstall with a Windows 8 disk. And everything I've been reading about Tor and the NSA developing a rootkit to compromise the computer long term. And to think I was running around and looking all over in the onion sites to see what was on there, curious. Thank you so much for helping me.

 

   Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014

Ran by robin (administrator) on ROBIN on 11-03-2014 03:47:58
Running from C:\Users\robin\Documents
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] - C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR Extension: (Tron 3d adventure battle) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanhcnockifolplnebljmnmbphjnanhe [2014-02-23]
CHR Extension: (Entanglement Web App) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-02-23]
CHR Extension: (Bubble Spinner) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjdflljpkajppdkpfnnhipfbofokdea [2014-02-23]
CHR Extension: (Bow Master) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmjmiljikbnpbddjlbcldcficagcnjm [2014-02-23]
CHR Extension: (Google Docs) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-23]
CHR Extension: (Google Drive) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-23]
CHR Extension: (Death Metal Rooster) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdnkaenpadjoldiddfdidinjmjeagaji [2014-02-23]
CHR Extension: (Bow Master Japan) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\beegfnmknkfjdnajgannnpiipandjpgo [2014-02-23]
CHR Extension: (Basketball Shot (3D)) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjloelieeckedkbpgkemddipblhoocjj [2014-02-23]
CHR Extension: (Hidden Objects - House 1) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2014-02-23]
CHR Extension: (YouTube) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-23]
CHR Extension: (Duck Hunter) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmdgpgpoggmdbkfhdegpidfoiomdjnle [2014-02-23]
CHR Extension: (Facebook) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-02-23]
CHR Extension: (Play Shooting Games Online) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmfalaafnkagnahfokpgdfabmimeaen [2014-02-23]
CHR Extension: (Google Search) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-23]
CHR Extension: (Netflix) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-02-23]
CHR Extension: (Guitar Tuner) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi [2014-02-23]
CHR Extension: (Chrome Speak) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\diagnfimeecdcecjpnkjgbnlelkclcpj [2014-02-23]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2014-02-23]
CHR Extension: (Max Arrow) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjnelddndmdgkghhepkmhocgggpbehc [2014-02-23]
CHR Extension: (Bottle Shooting) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\enlhholpgabnfajcblcglijhianldmjj [2014-02-23]
CHR Extension: (Archery Challenge) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpaljgnfbaecdlppapeniekoebclnoc [2014-02-23]
CHR Extension: (Gangnam Style Game) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbdhcafljkcahgefanhpdahdnpfkaok [2014-02-23]
CHR Extension: (Combat 3) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibihokcbohbhcblofebdholmfocjjcj [2014-02-23]
CHR Extension: (Facebook for Chrome) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2014-02-23]
CHR Extension: (AdBlock) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-23]
CHR Extension: (Apple Shooting) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkgoneongcjgidecceapgdmibblfijp [2014-02-23]
CHR Extension: (Fairway Solitaire) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho [2014-02-23]
CHR Extension: (Translator by Dictionary.com) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon [2014-02-23]
CHR Extension: (Archer Online) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfaiioeafjeehpdcdgibkpdjbccfcgf [2014-02-23]
CHR Extension: (Crazy Shooting) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood [2014-02-23]
CHR Extension: (Gold Fishing) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iodjmjmokklgdblbbbejjcmjcgocgkee [2014-02-23]
CHR Extension: (Clearly) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-02-23]
CHR Extension: (2013 Shooting Games) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhjcabacbknjfngmbhhameinfekcjfc [2014-02-23]
CHR Extension: (Archery Defense 3D) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjigfcnmljleoomdcljglbllfpkbhpai [2014-02-23]
CHR Extension: (cellMatch) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpppjblbdkadfdieebjgdpjinnpojmnp [2014-02-23]
CHR Extension: (Basketball machine) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldidojjcjkcjiekingdggejjpnnjelei [2014-02-23]
CHR Extension: (Webcam Toy) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-02-23]
CHR Extension: (Classic Popup Blocker) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2014-02-23]
CHR Extension: (Siege of Troy 2) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljegohjhfpkkjlhohgfghgkdjkkhmgmi [2014-02-23]
CHR Extension: (NaturalReader Text to Speech) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpffgiekkmdfnmknoollbedhaabacpgg [2014-02-23]
CHR Extension: (Hit The Jackpot 2) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpgfdedckkjdpmlapnndjncoogclaegk [2014-02-23]
CHR Extension: (Motor Wars) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\makbmncmboemglecnhfmhobkgdcnonhe [2014-02-23]
CHR Extension: (Ghostery) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-23]
CHR Extension: (AutoPager Chrome) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2014-02-23]
CHR Extension: (Google Wallet) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-23]
CHR Extension: (Angry Gran Run Grannywood) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmojokhbkmadlikkljgkbpdphaeapkmo [2014-02-23]
CHR Extension: (Shoot Bottle) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcmblenemndmonadbmepnbfpkhhiifm [2014-02-23]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-02-23]
CHR Extension: (SpeakIt!) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2014-02-23]
CHR Extension: (Gmail) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-23]
 
==================== Services (Whitelisted) =================
 
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [13312 2013-12-09] (LXD Development, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-11 03:47 - 2014-03-11 03:48 - 00012585 _____ () C:\Users\robin\Documents\FRST.txt
2014-03-11 03:46 - 2014-03-11 03:47 - 00000000 ____D () C:\FRST
2014-03-11 03:45 - 2014-03-11 03:46 - 02157056 _____ (Farbar) C:\Users\robin\Documents\FRST64.exe
2014-03-11 03:43 - 2014-03-11 03:43 - 01145856 _____ (Farbar) C:\Users\robin\Documents\FRST.exe
2014-03-06 06:29 - 2014-03-06 06:29 - 00030901 _____ () C:\Users\robin\Documents\scan gmer.log
2014-03-06 04:53 - 2014-03-06 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-19934109.txt
2014-03-06 04:53 - 2014-03-06 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-19932734.txt
2014-03-06 04:31 - 2014-03-06 04:31 - 00007815 _____ () C:\Users\robin\Documents\hijackthis.logg
2014-03-06 03:39 - 2014-03-06 03:39 - 00000117 _____ () C:\Windows\system32\netcfg-15514140.txt
2014-03-06 03:39 - 2014-03-06 03:39 - 00000117 _____ () C:\Windows\system32\netcfg-15514109.txt
2014-03-06 00:54 - 2014-03-06 00:54 - 00005830 _____ () C:\Users\robin\Documents\hijackthis.log
2014-03-06 00:41 - 2014-03-06 00:42 - 00002548 _____ () C:\Users\robin\AppData\Local\installer.log
2014-03-06 00:41 - 2014-03-06 00:41 - 00000236 _____ () C:\Users\robin\AppData\Local\LaunchHomeCenter.log
2014-03-06 00:41 - 2014-03-06 00:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-06 00:40 - 2014-03-06 00:40 - 00000000 ____D () C:\Windows\system32\kodak
2014-03-05 23:38 - 2014-03-05 23:38 - 00002157 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2014-03-05 23:38 - 2014-03-05 23:38 - 00001947 _____ () C:\Users\Public\Desktop\PrintProjects.lnk
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\Users\robin\AppData\Local\Eastman_Kodak_Company
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\ProgramData\Visan
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2014-03-05 23:37 - 2014-03-05 23:37 - 00002076 _____ () C:\Users\Public\Desktop\Get CleanPrint.lnk
2014-03-05 23:37 - 2014-03-05 23:37 - 00000000 ____D () C:\Users\robin\AppData\Local\Eastman Kodak Company
2014-03-05 23:35 - 2014-03-05 23:36 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2014-03-05 23:35 - 2014-03-05 23:35 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-03-05 23:34 - 2014-03-05 23:35 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-03-05 23:33 - 2014-03-11 03:36 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-05 23:33 - 2014-03-05 23:33 - 10003416 _____ (Eastman Kodak Company) C:\Users\robin\Downloads\aio_install.exe
2014-03-05 23:23 - 2014-03-05 23:23 - 00192676 _____ () C:\Users\robin\Documents\y.oxps
2014-03-05 23:16 - 2014-03-05 23:16 - 00192676 _____ () C:\Users\robin\Documents\ygy.oxps
2014-03-05 23:09 - 2014-03-05 23:09 - 00000117 _____ () C:\Windows\system32\netcfg-20334984.txt
2014-03-05 23:09 - 2014-03-05 23:09 - 00000117 _____ () C:\Windows\system32\netcfg-20308843.txt
2014-03-05 22:56 - 2014-03-05 23:04 - 00192676 _____ () C:\Users\robin\Documents\hjjjjjjjjj.oxps
2014-03-05 18:16 - 2014-02-04 20:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-05 18:15 - 2014-03-05 18:15 - 25640672 _____ (Microsoft Corporation) C:\Users\robin\Downloads\Windows-KB890830-x64-V5.9.exe
2014-03-05 18:08 - 2013-08-06 22:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-03-05 18:08 - 2012-11-09 21:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-05 18:08 - 2012-11-09 21:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-05 18:08 - 2012-11-09 21:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2014-03-05 18:08 - 2012-11-09 21:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2014-03-05 18:08 - 2012-11-09 21:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2014-03-05 18:07 - 2014-01-19 00:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-05 17:55 - 2014-03-05 17:55 - 00000000 ____D () C:\Users\robin\Desktop\New folder
2014-03-05 17:47 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-05 17:47 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-05 17:47 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-05 17:47 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40406.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40375.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40343.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40218.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-38234.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-33031.txt
2014-02-24 00:20 - 2014-02-24 00:20 - 00272360 _____ () C:\Windows\Minidump\022314-20718-01.dmp
2014-02-24 00:20 - 2014-02-24 00:20 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 00:19 - 2014-02-24 00:19 - 711881543 _____ () C:\Windows\MEMORY.DMP
2014-02-23 15:40 - 2014-02-23 15:40 - 00370943 _____ () C:\Users\robin\Downloads\gmer.zip
2014-02-23 15:30 - 2014-02-23 15:30 - 00000117 _____ () C:\Windows\system32\netcfg-43632140.txt
2014-02-23 15:30 - 2014-02-23 15:30 - 00000117 _____ () C:\Windows\system32\netcfg-43632109.txt
2014-02-23 14:17 - 2014-02-23 14:17 - 00000117 _____ () C:\Windows\system32\netcfg-39276203.txt
2014-02-23 14:17 - 2014-02-23 14:17 - 00000117 _____ () C:\Windows\system32\netcfg-39275937.txt
2014-02-23 14:16 - 2014-02-23 14:16 - 00000117 _____ () C:\Windows\system32\netcfg-39211406.txt
2014-02-23 14:16 - 2014-02-23 14:16 - 00000117 _____ () C:\Windows\system32\netcfg-39210671.txt
2014-02-23 09:50 - 2014-02-23 09:50 - 00000117 _____ () C:\Windows\system32\netcfg-23256812.txt
2014-02-23 09:50 - 2014-02-23 09:50 - 00000117 _____ () C:\Windows\system32\netcfg-23255859.txt
2014-02-23 06:19 - 2014-02-23 06:19 - 00000117 _____ () C:\Windows\system32\netcfg-10619765.txt
2014-02-23 06:19 - 2014-02-23 06:19 - 00000117 _____ () C:\Windows\system32\netcfg-10619156.txt
2014-02-23 06:15 - 2014-02-23 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-10356125.txt
2014-02-23 06:15 - 2014-02-23 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-10354125.txt
2014-02-23 04:36 - 2014-03-05 17:41 - 00002184 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 04:35 - 2014-03-11 03:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 04:35 - 2014-03-11 03:40 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 04:35 - 2014-02-23 04:36 - 00000000 ____D () C:\Users\robin\AppData\Local\Google
2014-02-23 04:35 - 2014-02-23 04:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-23 04:35 - 2014-02-23 04:35 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-23 04:35 - 2014-02-23 04:35 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 04:34 - 2014-02-23 04:34 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-23 04:34 - 2014-02-23 04:34 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-23 04:26 - 2014-02-23 04:26 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Macromedia
2014-02-23 04:23 - 2014-02-23 04:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 04:23 - 2014-02-23 04:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 04:23 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-23 04:22 - 2014-02-23 04:22 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Malwarebytes
2014-02-23 04:22 - 2014-02-23 04:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-23 04:16 - 2012-08-20 07:48 - 02966720 _____ () C:\Windows\system32\pwNative.exe
2014-02-23 04:16 - 2012-08-20 07:48 - 00019032 ____N () C:\Windows\system32\pwdrvio.sys
2014-02-23 04:16 - 2012-08-20 07:48 - 00012384 ____N () C:\Windows\system32\pwdspio.sys
2014-02-23 03:54 - 2014-03-11 03:37 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2456486195-886157092-1242700533-1001
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Program Files\AuthenTec
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Intel
2014-02-23 03:47 - 2014-02-23 03:47 - 00001431 _____ () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Adobe
2014-02-23 03:46 - 2014-03-11 03:41 - 01186074 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 03:46 - 2014-02-24 02:49 - 00000000 ____D () C:\Users\robin
2014-02-23 03:46 - 2014-02-23 03:58 - 00000000 ____D () C:\Users\robin\AppData\Local\VirtualStore
2014-02-23 03:46 - 2014-02-23 03:47 - 00000000 ____D () C:\Users\robin\AppData\Local\Packages
2014-02-23 03:46 - 2014-02-23 03:47 - 00000000 ____D () C:\ProgramData\PRICache
2014-02-23 03:46 - 2014-02-23 03:46 - 00000020 ___SH () C:\Users\robin\ntuser.ini
2014-02-23 03:46 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-23 03:46 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-23 03:46 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-23 03:46 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-23 03:41 - 2014-02-23 03:41 - 00000000 ____D () C:\Windows\CSC
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077484.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077453.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077250.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1074171.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00001136 _____ () C:\Windows\system32\netcfg-51937.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00001134 _____ () C:\Windows\system32\netcfg-42609.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000197 _____ () C:\Windows\system32\netcfg-52843.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000185 _____ () C:\Windows\system32\netcfg-50687.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000164 _____ () C:\Windows\system32\netcfg-45375.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000161 _____ () C:\Windows\system32\netcfg-47156.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-46453.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-46062.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-45125.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000159 _____ () C:\Windows\system32\netcfg-45843.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000157 _____ () C:\Windows\system32\netcfg-46703.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000157 _____ () C:\Windows\system32\netcfg-44781.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000150 _____ () C:\Windows\system32\netcfg-45593.txt
2014-02-23 03:19 - 2014-02-24 00:19 - 00000748 _____ () C:\Windows\PFRO.log
2014-02-23 03:19 - 2014-02-23 03:46 - 00000000 ____D () C:\Windows\Panther
2014-02-23 03:18 - 2014-02-23 03:22 - 00000000 __SHD () C:\Recovery
 
==================== One Month Modified Files and Folders =======
 
2014-03-11 03:48 - 2014-03-11 03:47 - 00012585 _____ () C:\Users\robin\Documents\FRST.txt
2014-03-11 03:47 - 2014-03-11 03:46 - 00000000 ____D () C:\FRST
2014-03-11 03:46 - 2014-03-11 03:45 - 02157056 _____ (Farbar) C:\Users\robin\Documents\FRST64.exe
2014-03-11 03:43 - 2014-03-11 03:43 - 01145856 _____ (Farbar) C:\Users\robin\Documents\FRST.exe
2014-03-11 03:41 - 2014-02-23 03:46 - 01186074 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 03:40 - 2014-02-23 04:35 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 03:40 - 2014-02-23 04:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 03:37 - 2014-02-23 03:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2456486195-886157092-1242700533-1001
2014-03-11 03:36 - 2014-03-05 23:33 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-11 03:36 - 2012-07-26 00:28 - 00803370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 03:31 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 07:04 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-06 07:01 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-06 07:01 - 2012-07-25 22:37 - 00000000 ____D () C:\Windows\servicing
2014-03-06 06:59 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-06 06:29 - 2014-03-06 06:29 - 00030901 _____ () C:\Users\robin\Documents\scan gmer.log
2014-03-06 04:53 - 2014-03-06 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-19934109.txt
2014-03-06 04:53 - 2014-03-06 04:53 - 00000117 _____ () C:\Windows\system32\netcfg-19932734.txt
2014-03-06 04:31 - 2014-03-06 04:31 - 00007815 _____ () C:\Users\robin\Documents\hijackthis.logg
2014-03-06 03:39 - 2014-03-06 03:39 - 00000117 _____ () C:\Windows\system32\netcfg-15514140.txt
2014-03-06 03:39 - 2014-03-06 03:39 - 00000117 _____ () C:\Windows\system32\netcfg-15514109.txt
2014-03-06 00:54 - 2014-03-06 00:54 - 00005830 _____ () C:\Users\robin\Documents\hijackthis.log
2014-03-06 00:42 - 2014-03-06 00:41 - 00002548 _____ () C:\Users\robin\AppData\Local\installer.log
2014-03-06 00:41 - 2014-03-06 00:41 - 00000236 _____ () C:\Users\robin\AppData\Local\LaunchHomeCenter.log
2014-03-06 00:41 - 2014-03-06 00:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-06 00:41 - 2012-07-26 00:21 - 00016166 _____ () C:\Windows\setupact.log
2014-03-06 00:40 - 2014-03-06 00:40 - 00000000 ____D () C:\Windows\system32\kodak
2014-03-06 00:08 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-03-05 23:38 - 2014-03-05 23:38 - 00002157 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2014-03-05 23:38 - 2014-03-05 23:38 - 00001947 _____ () C:\Users\Public\Desktop\PrintProjects.lnk
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\Users\robin\AppData\Local\Eastman_Kodak_Company
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\ProgramData\Visan
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-03-05 23:38 - 2014-03-05 23:38 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2014-03-05 23:37 - 2014-03-05 23:37 - 00002076 _____ () C:\Users\Public\Desktop\Get CleanPrint.lnk
2014-03-05 23:37 - 2014-03-05 23:37 - 00000000 ____D () C:\Users\robin\AppData\Local\Eastman Kodak Company
2014-03-05 23:36 - 2014-03-05 23:35 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2014-03-05 23:35 - 2014-03-05 23:35 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-03-05 23:35 - 2014-03-05 23:34 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-03-05 23:33 - 2014-03-05 23:33 - 10003416 _____ (Eastman Kodak Company) C:\Users\robin\Downloads\aio_install.exe
2014-03-05 23:23 - 2014-03-05 23:23 - 00192676 _____ () C:\Users\robin\Documents\y.oxps
2014-03-05 23:16 - 2014-03-05 23:16 - 00192676 _____ () C:\Users\robin\Documents\ygy.oxps
2014-03-05 23:09 - 2014-03-05 23:09 - 00000117 _____ () C:\Windows\system32\netcfg-20334984.txt
2014-03-05 23:09 - 2014-03-05 23:09 - 00000117 _____ () C:\Windows\system32\netcfg-20308843.txt
2014-03-05 23:04 - 2014-03-05 22:56 - 00192676 _____ () C:\Users\robin\Documents\hjjjjjjjjj.oxps
2014-03-05 18:37 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-05 18:15 - 2014-03-05 18:15 - 25640672 _____ (Microsoft Corporation) C:\Users\robin\Downloads\Windows-KB890830-x64-V5.9.exe
2014-03-05 18:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-05 17:55 - 2014-03-05 17:55 - 00000000 ____D () C:\Users\robin\Desktop\New folder
2014-03-05 17:41 - 2014-02-23 04:36 - 00002184 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40406.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40375.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40343.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-40218.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-38234.txt
2014-03-05 17:31 - 2014-03-05 17:31 - 00000117 _____ () C:\Windows\system32\netcfg-33031.txt
2014-02-24 02:49 - 2014-02-23 03:46 - 00000000 ____D () C:\Users\robin
2014-02-24 00:20 - 2014-02-24 00:20 - 00272360 _____ () C:\Windows\Minidump\022314-20718-01.dmp
2014-02-24 00:20 - 2014-02-24 00:20 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 00:19 - 2014-02-24 00:19 - 711881543 _____ () C:\Windows\MEMORY.DMP
2014-02-24 00:19 - 2014-02-23 03:19 - 00000748 _____ () C:\Windows\PFRO.log
2014-02-23 15:40 - 2014-02-23 15:40 - 00370943 _____ () C:\Users\robin\Downloads\gmer.zip
2014-02-23 15:30 - 2014-02-23 15:30 - 00000117 _____ () C:\Windows\system32\netcfg-43632140.txt
2014-02-23 15:30 - 2014-02-23 15:30 - 00000117 _____ () C:\Windows\system32\netcfg-43632109.txt
2014-02-23 14:17 - 2014-02-23 14:17 - 00000117 _____ () C:\Windows\system32\netcfg-39276203.txt
2014-02-23 14:17 - 2014-02-23 14:17 - 00000117 _____ () C:\Windows\system32\netcfg-39275937.txt
2014-02-23 14:16 - 2014-02-23 14:16 - 00000117 _____ () C:\Windows\system32\netcfg-39211406.txt
2014-02-23 14:16 - 2014-02-23 14:16 - 00000117 _____ () C:\Windows\system32\netcfg-39210671.txt
2014-02-23 09:50 - 2014-02-23 09:50 - 00000117 _____ () C:\Windows\system32\netcfg-23256812.txt
2014-02-23 09:50 - 2014-02-23 09:50 - 00000117 _____ () C:\Windows\system32\netcfg-23255859.txt
2014-02-23 06:19 - 2014-02-23 06:19 - 00000117 _____ () C:\Windows\system32\netcfg-10619765.txt
2014-02-23 06:19 - 2014-02-23 06:19 - 00000117 _____ () C:\Windows\system32\netcfg-10619156.txt
2014-02-23 06:15 - 2014-02-23 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-10356125.txt
2014-02-23 06:15 - 2014-02-23 06:15 - 00000117 _____ () C:\Windows\system32\netcfg-10354125.txt
2014-02-23 05:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\restore
2014-02-23 04:36 - 2014-02-23 04:35 - 00000000 ____D () C:\Users\robin\AppData\Local\Google
2014-02-23 04:36 - 2014-02-23 04:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-23 04:35 - 2014-02-23 04:35 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-23 04:35 - 2014-02-23 04:35 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 04:34 - 2014-02-23 04:34 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-23 04:34 - 2014-02-23 04:34 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-23 04:26 - 2014-02-23 04:26 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Macromedia
2014-02-23 04:23 - 2014-02-23 04:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-23 04:23 - 2014-02-23 04:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-23 04:22 - 2014-02-23 04:22 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Malwarebytes
2014-02-23 04:22 - 2014-02-23 04:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-23 03:58 - 2014-02-23 03:46 - 00000000 ____D () C:\Users\robin\AppData\Local\VirtualStore
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Program Files\AuthenTec
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-23 03:52 - 2014-02-23 03:52 - 00000000 ____D () C:\Intel
2014-02-23 03:52 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-02-23 03:47 - 2014-02-23 03:47 - 00001431 _____ () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ___RD () C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-23 03:47 - 2014-02-23 03:47 - 00000000 ____D () C:\Users\robin\AppData\Roaming\Adobe
2014-02-23 03:47 - 2014-02-23 03:46 - 00000000 ____D () C:\Users\robin\AppData\Local\Packages
2014-02-23 03:47 - 2014-02-23 03:46 - 00000000 ____D () C:\ProgramData\PRICache
2014-02-23 03:46 - 2014-02-23 03:46 - 00000020 ___SH () C:\Users\robin\ntuser.ini
2014-02-23 03:46 - 2014-02-23 03:19 - 00000000 ____D () C:\Windows\Panther
2014-02-23 03:46 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-02-23 03:46 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-23 03:41 - 2014-02-23 03:41 - 00000000 ____D () C:\Windows\CSC
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077484.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077453.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1077250.txt
2014-02-23 03:40 - 2014-02-23 03:40 - 00000117 _____ () C:\Windows\system32\netcfg-1074171.txt
2014-02-23 03:22 - 2014-02-23 03:18 - 00000000 __SHD () C:\Recovery
2014-02-23 03:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-02-23 03:21 - 2012-07-26 01:13 - 00001720 _____ () C:\Windows\DtcInstall.log
2014-02-23 03:20 - 2014-02-23 03:20 - 00001136 _____ () C:\Windows\system32\netcfg-51937.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00001134 _____ () C:\Windows\system32\netcfg-42609.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000197 _____ () C:\Windows\system32\netcfg-52843.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000185 _____ () C:\Windows\system32\netcfg-50687.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000164 _____ () C:\Windows\system32\netcfg-45375.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000161 _____ () C:\Windows\system32\netcfg-47156.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-46453.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-46062.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000160 _____ () C:\Windows\system32\netcfg-45125.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000159 _____ () C:\Windows\system32\netcfg-45843.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000157 _____ () C:\Windows\system32\netcfg-46703.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000157 _____ () C:\Windows\system32\netcfg-44781.txt
2014-02-23 03:20 - 2014-02-23 03:20 - 00000150 _____ () C:\Windows\system32\netcfg-45593.txt
2014-02-23 03:18 - 2012-07-26 01:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
 
Some content of TEMP:
====================
C:\Users\robin\AppData\Local\Temp\TIXFM.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-05 18:38
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by robin at 2014-03-11 03:48:25
Running from C:\Users\robin\Documents
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
 
==================== Restore Points  =========================
 
23-02-2014 12:19:50 Windows Modules Installer
06-03-2014 06:47:58 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2475749B-CEF9-49AB-BF97-BC35A252C657} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D60693CF-3504-4BD6-871A-8F340E1CBFD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-26 00:58 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-23 04:34 - 2010-08-24 20:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-05 17:41 - 2014-03-01 19:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (03/06/2014 04:53:28 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=9e473b6d-b591-4c46-9c44-90a865f22e76
 
 
System errors:
=============
Error: (03/05/2014 11:21:20 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:51:10 PM on ‎3/‎5/‎2014 was unexpected.
 
Error: (03/05/2014 11:19:21 PM) (Source: DCOM) (User: ROBIN)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (03/05/2014 11:04:25 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 10:43:52 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 10:23:48 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 10:03:43 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 09:43:33 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 09:23:24 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 09:03:20 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (03/05/2014 08:43:15 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
 
Microsoft Office Sessions:
=========================
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0039e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/11/2014 03:31:59 AM) (Source: Software Protection Platform Service)(User: )
00020001(0x00000000, 03:31:59:320)
00030001(0x00000000, 03:31:59:320 - https://activation.sls.microsoft.com)
00030002(0x00000000, 03:31:59:320 - 0)
00040001(0x00000000, 03:31:59:320 - https://activation.sls.microsoft.com)
00040002(0x00000000, 03:31:59:320 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 03:31:59:320 - 0, 1)
00040006(0x00000001, 03:31:59:320 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 03:31:59:320 - 0)
0002000C(0x00000000, 03:31:59:632 - 500)
00010002(0x8004FC01, 03:31:59:632 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 03:31:59:632)
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0039e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/11/2014 03:31:51 AM) (Source: Software Protection Platform Service)(User: )
00020001(0x00000000, 03:31:51:429)
00030001(0x00000000, 03:31:51:429 - https://activation.sls.microsoft.com)
00030002(0x00000000, 03:31:51:429 - 0)
00040001(0x00000000, 03:31:51:429 - https://activation.sls.microsoft.com)
00040002(0x00000000, 03:31:51:429 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 03:31:51:429 - 0, 1)
00040006(0x00000001, 03:31:51:429 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 03:31:51:429 - 0)
0002000C(0x00000000, 03:31:51:772 - 500)
00010002(0x8004FC01, 03:31:51:772 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 03:31:51:772)
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e473b6d-b591-4c46-9c44-90a865f22e76;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0039e473b6d-b591-4c46-9c44-90a865f22e76
 
Error: (03/06/2014 04:53:29 AM) (Source: Software Protection Platform Service)(User: )
00020001(0x00000000, 03:53:29:082)
00030001(0x00000000, 03:53:29:082 - https://activation.sls.microsoft.com)
00030002(0x00000000, 03:53:29:082 - 0)
00040001(0x00000000, 03:53:29:082 - https://activation.sls.microsoft.com)
00040002(0x00000000, 03:53:29:085 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 03:53:29:086 - 0, 1)
00040006(0x00000001, 03:53:29:086 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 03:53:29:086 - 0)
0002000C(0x00000000, 03:53:29:396 - 500)
00010002(0x8004FC01, 03:53:29:396 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked.  ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 03:53:29:396)
 
Error: (03/06/2014 04:53:28 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C0039e473b6d-b591-4c46-9c44-90a865f22e76
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3766.88 MB
Available physical RAM: 1945.85 MB
Total Pagefile: 7606.88 MB
Available Pagefile: 5447.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (d) (Fixed) (Total:465.66 GB) (Free:440.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000CD033)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • Staff

Hello robinredd

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo


# AdwCleaner v3.021 - Report created 11/03/2014 at 06:51:12
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : robin - ROBIN
# Running from : C:\Users\robin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [858 octets] - [11/03/2014 06:44:11]
AdwCleaner[R1].txt - [915 octets] - [11/03/2014 06:50:33]
AdwCleaner[s0].txt - [839 octets] - [11/03/2014 06:51:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [898 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 Pro x64
Ran by robin on Tue 03/11/2014 at  7:22:42.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at  7:24:47.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


  • Staff

Hello robinredd

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Here is the ComboFix log :) I don't notice anything weird on the laptop. I got no errors doing the ComboFix. What does it say??? The big question: was it still there / was something there?? Thank you so much.

robin

 

ComboFix 14-03-10.01 - robin 03/11/2014   8:11.1.4 - x64

Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3767.2912 [GMT -7:00]

Running from: c:\users\robin\Documents\ComboFix.exe

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-11 to 2014-03-11  )))))))))))))))))))))))))))))))

.

.

2014-03-11 15:15 . 2014-03-11 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-11 14:31 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C9E008-C834-4267-AFFD-35D4916B7EEC}\mpengine.dll

2014-03-11 14:09 . 2014-03-11 14:09 -------- d-----w- c:\windows\ERUNT

2014-03-11 14:04 . 2014-01-09 08:02 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-11 14:04 . 2014-01-09 08:02 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-11 13:43 . 2014-03-11 13:51 -------- d-----w- C:\AdwCleaner

2014-03-11 12:53 . 2012-11-26 02:15 16114176 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2014-03-11 12:53 . 2012-11-26 02:14 15541248 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2014-03-11 11:14 . 2012-09-20 07:55 3265256 ----a-w- c:\windows\system32\drivers\evbda.sys

2014-03-11 11:13 . 2012-09-20 06:33 92672 ----a-w- c:\windows\system32\drvinst.exe

2014-03-11 11:08 . 2013-10-08 22:27 3279872 ----a-w- c:\windows\system32\wuaueng.dll

2014-03-11 11:07 . 2012-10-11 05:45 3236864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2014-03-11 11:06 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll

2014-03-11 10:56 . 2012-10-12 06:14 652800 ----a-w- c:\windows\system32\srmscan.dll

2014-03-11 10:55 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll

2014-03-11 10:55 . 2012-10-17 04:32 1172992 ----a-w- c:\windows\system32\mfnetsrc.dll

2014-03-11 10:55 . 2012-10-17 04:32 677888 ----a-w- c:\windows\system32\mfnetcore.dll

2014-03-11 10:55 . 2012-10-17 04:32 673280 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll

2014-03-11 10:55 . 2012-10-17 03:57 929792 ----a-w- c:\windows\SysWow64\mfnetsrc.dll

2014-03-11 10:55 . 2012-10-17 03:57 568832 ----a-w- c:\windows\SysWow64\mfnetcore.dll

2014-03-11 10:55 . 2012-10-17 03:57 513024 ----a-w- c:\windows\SysWow64\mfmpeg2srcsnk.dll

2014-03-11 10:51 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys

2014-03-11 10:51 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys

2014-03-11 10:51 . 2013-05-04 04:48 27648 ----a-w- c:\windows\system32\drivers\hidusb.sys

2014-03-11 10:46 . 2014-03-11 10:48 -------- d-----w- C:\FRST

2014-03-11 10:43 . 2012-11-20 05:24 1164800 ----a-w- c:\windows\SysWow64\Display.dll

2014-03-11 10:43 . 2012-11-20 05:17 1184256 ----a-w- c:\windows\system32\Display.dll

2014-03-11 10:43 . 2012-11-20 05:02 6656 ----a-w- c:\windows\SysWow64\KBDKURD.DLL

2014-03-11 10:43 . 2012-11-20 04:59 7168 ----a-w- c:\windows\system32\KBDKURD.DLL

2014-03-11 10:43 . 2012-11-20 04:56 27136 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-03-11 10:43 . 2012-11-20 04:54 39936 ----a-w- c:\windows\system32\drivers\hidi2c.sys

2014-03-11 10:41 . 2013-08-02 06:28 19758080 ----a-w- c:\windows\system32\shell32.dll

2014-03-06 07:41 . 2012-10-08 18:06 261632 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2014-03-06 07:41 . 2012-10-08 18:06 261632 ----a-w- c:\windows\system32\Spool\prtprocs\x64\1_EKIJ5000PPR.dll

2014-03-06 07:40 . 2014-03-06 07:40 -------- d-----w- c:\windows\system32\kodak

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\programdata\PrintProjects

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\program files (x86)\PrintProjects

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\programdata\Visan

2014-03-06 06:35 . 2014-03-06 06:36 -------- d-----w- c:\windows\SysWow64\kodak

2014-03-06 06:35 . 2014-03-06 06:35 -------- d-----w- c:\windows\SysWow64\spool

2014-03-06 06:34 . 2014-03-06 06:35 -------- d-----w- c:\program files (x86)\Kodak

2014-03-06 06:33 . 2014-03-11 14:03 -------- d-----w- c:\programdata\Kodak

2014-03-06 01:16 . 2014-02-05 03:09 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-03-06 01:09 . 2013-01-09 23:26 1611776 ----a-w- c:\windows\SysWow64\mmc.exe

2014-03-06 01:09 . 2013-01-09 23:23 2094592 ----a-w- c:\windows\system32\mmc.exe

2014-03-06 01:09 . 2013-01-09 23:23 1964544 ----a-w- c:\windows\system32\wlidsvc.dll

2014-03-06 01:09 . 2013-01-09 23:23 274432 ----a-w- c:\windows\system32\srmstormod.dll

2014-03-06 01:09 . 2013-01-09 23:23 1886208 ----a-w- c:\windows\system32\setupapi.dll

2014-03-06 01:09 . 2013-01-10 01:53 28904 ----a-w- c:\windows\system32\drivers\msgpiowin32.sys

2014-03-06 01:09 . 2013-01-09 23:26 202752 ----a-w- c:\windows\SysWow64\srmstormod.dll

2014-03-06 01:09 . 2013-01-09 23:26 1752064 ----a-w- c:\windows\SysWow64\setupapi.dll

2014-03-06 01:09 . 2013-01-09 23:23 406016 ----a-w- c:\windows\system32\Windows.Media.dll

2014-03-06 01:09 . 2013-01-09 23:22 438272 ----a-w- c:\windows\system32\lsm.dll

2014-03-06 01:07 . 2012-10-10 07:04 94208 ----a-w- c:\windows\system32\synceng.dll

2014-03-06 01:07 . 2012-10-10 06:31 72192 ----a-w- c:\windows\SysWow64\synceng.dll

2014-03-06 01:07 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-06 01:04 . 2013-08-16 05:39 2371728 ----a-w- c:\windows\system32\WSService.dll

2014-03-06 01:03 . 2013-07-01 22:14 43008 ----a-w- c:\windows\system32\drivers\usbscan.sys

2014-03-06 01:03 . 2013-07-01 22:14 25600 ----a-w- c:\windows\system32\drivers\usbprint.sys

2014-03-06 01:00 . 2012-08-31 00:52 17888 ----a-w- c:\windows\system32\msvcr100_clr0400.dll

2014-03-06 01:00 . 2012-08-31 00:53 17888 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll

2014-03-06 00:58 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe

2014-03-06 00:57 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe

2014-03-06 00:50 . 2012-10-24 03:24 405504 ----a-w- c:\windows\system32\pcasvc.dll

2014-03-06 00:49 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll

2014-03-06 00:48 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll

2014-03-06 00:47 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll

2014-02-24 03:00 . 2014-02-24 03:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2014-02-23 11:35 . 2014-02-23 11:36 -------- d-----w- c:\program files (x86)\Google

2014-02-23 11:34 . 2014-02-23 11:34 -------- d-----w- c:\program files (x86)\WinPcap

2014-02-23 11:34 . 2014-02-23 11:34 -------- d-----w- c:\program files (x86)\Trend Micro

2014-02-23 11:23 . 2014-02-23 11:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-23 11:23 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-23 11:22 . 2014-02-23 11:22 -------- d-----w- c:\programdata\Malwarebytes

2014-02-23 11:16 . 2012-08-20 14:48 19032 ------w- c:\windows\system32\pwdrvio.sys

2014-02-23 11:16 . 2012-08-20 14:48 2966720 ----a-w- c:\windows\system32\pwNative.exe

2014-02-23 11:16 . 2012-08-20 14:48 12384 ------w- c:\windows\system32\pwdspio.sys

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- c:\program files\AuthenTec

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- c:\program files (x86)\Intel

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- C:\Intel

2014-02-23 10:46 . 2014-02-23 10:47 -------- d-----w- c:\programdata\PRICache

2014-02-23 10:46 . 2014-02-24 09:49 -------- d-----w- c:\users\robin

2014-02-23 10:19 . 2014-02-23 10:46 -------- d-----w- c:\windows\Panther

2014-02-23 10:18 . 2014-02-23 10:22 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-23 10:46 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2013-07-26 1102872]

"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\System32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]

S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-06 00:40 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 11:35]

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 11:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-15 168480]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-15 393248]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-15 417824]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Completion time: 2014-03-11  08:16:40

ComboFix-quarantined-files.txt  2014-03-11 15:16

.

Pre-Run: 468,255,997,952 bytes free

Post-Run: 467,952,189,440 bytes free

.

- - End Of File - - CE4100F52F2A149E91E4F71F140752A1

A36C5E4F47E84449FF07ED3517B43A31

  • Staff

Hello robinredd

The report looks good.

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

ComboFix 14-03-10.01 - robin 03/11/2014   8:53.2.4 - x64

Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3767.2066 [GMT -7:00]

Running from: c:\users\robin\Documents\ComboFix.exe

Command switches used :: c:\users\robin\Desktop\CFScript.txt

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-11 to 2014-03-11  )))))))))))))))))))))))))))))))

.

.

2014-03-11 15:56 . 2014-03-11 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-11 15:22 . 2014-03-11 15:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C9E008-C834-4267-AFFD-35D4916B7EEC}\offreg.dll

2014-03-11 14:31 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C9E008-C834-4267-AFFD-35D4916B7EEC}\mpengine.dll

2014-03-11 14:09 . 2014-03-11 14:09 -------- d-----w- c:\windows\ERUNT

2014-03-11 14:08 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2014-03-11 14:08 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2014-03-11 14:04 . 2014-02-17 22:03 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-11 14:04 . 2014-02-17 22:03 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-11 13:43 . 2014-03-11 13:51 -------- d-----w- C:\AdwCleaner

2014-03-11 11:14 . 2012-09-20 07:55 3265256 ----a-w- c:\windows\system32\drivers\evbda.sys

2014-03-11 11:13 . 2012-09-20 06:33 92672 ----a-w- c:\windows\system32\drvinst.exe

2014-03-11 11:08 . 2013-10-08 22:27 3279872 ----a-w- c:\windows\system32\wuaueng.dll

2014-03-11 11:07 . 2012-10-11 05:45 3236864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2014-03-11 11:06 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll

2014-03-11 10:56 . 2012-10-12 06:14 652800 ----a-w- c:\windows\system32\srmscan.dll

2014-03-11 10:55 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll

2014-03-11 10:55 . 2012-10-17 04:32 1172992 ----a-w- c:\windows\system32\mfnetsrc.dll

2014-03-11 10:55 . 2012-10-17 04:32 677888 ----a-w- c:\windows\system32\mfnetcore.dll

2014-03-11 10:55 . 2012-10-17 04:32 673280 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll

2014-03-11 10:55 . 2012-10-17 03:57 929792 ----a-w- c:\windows\SysWow64\mfnetsrc.dll

2014-03-11 10:55 . 2012-10-17 03:57 568832 ----a-w- c:\windows\SysWow64\mfnetcore.dll

2014-03-11 10:55 . 2012-10-17 03:57 513024 ----a-w- c:\windows\SysWow64\mfmpeg2srcsnk.dll

2014-03-11 10:51 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys

2014-03-11 10:51 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys

2014-03-11 10:51 . 2013-05-04 04:48 27648 ----a-w- c:\windows\system32\drivers\hidusb.sys

2014-03-11 10:46 . 2014-03-11 10:48 -------- d-----w- C:\FRST

2014-03-11 10:43 . 2012-11-20 05:24 1164800 ----a-w- c:\windows\SysWow64\Display.dll

2014-03-11 10:43 . 2012-11-20 05:17 1184256 ----a-w- c:\windows\system32\Display.dll

2014-03-11 10:43 . 2012-11-20 05:02 6656 ----a-w- c:\windows\SysWow64\KBDKURD.DLL

2014-03-11 10:43 . 2012-11-20 04:59 7168 ----a-w- c:\windows\system32\KBDKURD.DLL

2014-03-11 10:43 . 2012-11-20 04:56 27136 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-03-11 10:43 . 2012-11-20 04:54 39936 ----a-w- c:\windows\system32\drivers\hidi2c.sys

2014-03-11 10:41 . 2013-08-02 06:28 19758080 ----a-w- c:\windows\system32\shell32.dll

2014-03-06 07:41 . 2012-10-08 18:06 261632 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2014-03-06 07:41 . 2012-10-08 18:06 261632 ----a-w- c:\windows\system32\Spool\prtprocs\x64\1_EKIJ5000PPR.dll

2014-03-06 07:40 . 2014-03-06 07:40 -------- d-----w- c:\windows\system32\kodak

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\programdata\PrintProjects

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\program files (x86)\PrintProjects

2014-03-06 06:38 . 2014-03-06 06:38 -------- d-----w- c:\programdata\Visan

2014-03-06 06:35 . 2014-03-06 06:36 -------- d-----w- c:\windows\SysWow64\kodak

2014-03-06 06:35 . 2014-03-06 06:35 -------- d-----w- c:\windows\SysWow64\spool

2014-03-06 06:34 . 2014-03-06 06:35 -------- d-----w- c:\program files (x86)\Kodak

2014-03-06 06:33 . 2014-03-11 14:03 -------- d-----w- c:\programdata\Kodak

2014-03-06 01:16 . 2014-02-05 03:09 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-03-06 01:09 . 2013-01-09 23:26 1611776 ----a-w- c:\windows\SysWow64\mmc.exe

2014-03-06 01:09 . 2013-01-09 23:23 2094592 ----a-w- c:\windows\system32\mmc.exe

2014-03-06 01:09 . 2013-01-09 23:23 1964544 ----a-w- c:\windows\system32\wlidsvc.dll

2014-03-06 01:09 . 2013-01-09 23:23 274432 ----a-w- c:\windows\system32\srmstormod.dll

2014-03-06 01:09 . 2013-01-09 23:23 1886208 ----a-w- c:\windows\system32\setupapi.dll

2014-03-06 01:09 . 2013-01-10 01:53 28904 ----a-w- c:\windows\system32\drivers\msgpiowin32.sys

2014-03-06 01:09 . 2013-01-09 23:26 202752 ----a-w- c:\windows\SysWow64\srmstormod.dll

2014-03-06 01:09 . 2013-01-09 23:26 1752064 ----a-w- c:\windows\SysWow64\setupapi.dll

2014-03-06 01:09 . 2013-01-09 23:23 406016 ----a-w- c:\windows\system32\Windows.Media.dll

2014-03-06 01:09 . 2013-01-09 23:22 438272 ----a-w- c:\windows\system32\lsm.dll

2014-03-06 01:07 . 2012-10-10 07:04 94208 ----a-w- c:\windows\system32\synceng.dll

2014-03-06 01:07 . 2012-10-10 06:31 72192 ----a-w- c:\windows\SysWow64\synceng.dll

2014-03-06 01:07 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-06 01:04 . 2013-08-16 05:39 2371728 ----a-w- c:\windows\system32\WSService.dll

2014-03-06 01:03 . 2013-07-01 22:14 43008 ----a-w- c:\windows\system32\drivers\usbscan.sys

2014-03-06 01:03 . 2013-07-01 22:14 25600 ----a-w- c:\windows\system32\drivers\usbprint.sys

2014-03-06 01:00 . 2012-08-31 00:52 17888 ----a-w- c:\windows\system32\msvcr100_clr0400.dll

2014-03-06 01:00 . 2012-08-31 00:53 17888 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll

2014-03-06 00:58 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe

2014-03-06 00:57 . 2013-10-10 09:32 115712 ----a-w- c:\windows\SysWow64\cscript.exe

2014-03-06 00:50 . 2012-10-24 03:24 405504 ----a-w- c:\windows\system32\pcasvc.dll

2014-03-06 00:49 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll

2014-03-06 00:48 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll

2014-03-06 00:47 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll

2014-02-24 03:00 . 2014-02-24 03:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2014-02-23 11:35 . 2014-02-23 11:36 -------- d-----w- c:\program files (x86)\Google

2014-02-23 11:34 . 2014-02-23 11:34 -------- d-----w- c:\program files (x86)\WinPcap

2014-02-23 11:34 . 2014-02-23 11:34 -------- d-----w- c:\program files (x86)\Trend Micro

2014-02-23 11:23 . 2014-02-23 11:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-23 11:23 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-23 11:22 . 2014-02-23 11:22 -------- d-----w- c:\programdata\Malwarebytes

2014-02-23 11:16 . 2012-08-20 14:48 19032 ------w- c:\windows\system32\pwdrvio.sys

2014-02-23 11:16 . 2012-08-20 14:48 2966720 ----a-w- c:\windows\system32\pwNative.exe

2014-02-23 11:16 . 2012-08-20 14:48 12384 ------w- c:\windows\system32\pwdspio.sys

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- c:\program files\AuthenTec

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- c:\program files (x86)\Intel

2014-02-23 10:52 . 2014-02-23 10:52 -------- d-----w- C:\Intel

2014-02-23 10:46 . 2014-02-23 10:47 -------- d-----w- c:\programdata\PRICache

2014-02-23 10:46 . 2014-02-24 09:49 -------- d-----w- c:\users\robin

2014-02-23 10:19 . 2014-02-23 10:46 -------- d-----w- c:\windows\Panther

2014-02-23 10:18 . 2014-02-23 10:22 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-23 10:46 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2013-07-26 1102872]

"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\System32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]

S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-06 00:40 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 11:35]

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 11:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-15 168480]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-15 393248]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-15 417824]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Completion time: 2014-03-11  08:57:18

ComboFix-quarantined-files.txt  2014-03-11 15:57

ComboFix2.txt  2014-03-11 15:16

.

Pre-Run: 467,767,767,040 bytes free

Post-Run: 467,720,294,400 bytes free

.

- - End Of File - - B9A780280C96FBC2C957D72111F49F4D

A36C5E4F47E84449FF07ED3517B43A31

  • Staff

Hello robinredd

I am working as fast as I can.

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK
  • Copy and paste the report into this topic for me to review

Gringo


 

Here is the last request you asked for: the c:\qoobox\add-remove.txt copied and pasted in the run box results. I'm so grateful for you helping me, I didn't mean to make you feel rushed. robin

 

aioscnnr

center

essentials

Google Chrome

Google Update Helper

KODAK AiO Software

Malwarebytes Anti-Malware version 1.75.0.1300

ocr

PreReq

PrintProjects

Trend Micro RUBotted 2.0 Beta

WinPcap 4.1.3

  • Staff

Hello

You are doing just fine.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner; the default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great! At this time I would like you to update it and run me a quick scan.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"

  • In your next post I need the following
    • Log from MBAM
    • report from HijackThis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:50 PM, on 3/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\HBCD\HBCDMenu.exe
C:\Users\robin\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe
C:\Users\robin\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5725 bytes

Here is the HijackThis log; I'm waiting on the Malwarebytes scan. Everything seems to be running well.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:49 PM, on 3/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Users\robin\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\robin\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6593 bytes


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:04 PM, on 3/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\robin\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC}
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7389 bytes

The first Malwarebytes scan was accidentally run before CCleaner; here is the revised scan and HijackThis log.

Also, when the laptop goes into sleep mode and I wake it up, or when I restart it, I get this error message. I'll put the screenshot in the next post.


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

I normally remove any extra startups that I see in the HijackThis report to speed things up, but yours look very good - Great Job!! :)

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

C:\Users\robin\Documents\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application 

This scan was done without the archives.

So you never did tell me about any particulars on any of the scans, other than that everything looks OK. Does OK mean you didn't see anything out of the norm?

This scan here only picked up the CCleaner. What does it mean on the one scan, "removed orphan"? Not to be a pain, but I'll never learn if I don't ask. Are there certain sections to pay attention to in those scans, so I can look them over in my previous posts on this thread?

robin

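As an added illustration of which HijackThis sections a reader looks at first (not part of this thread, and not HijackThis's own code): a small Python triage script for logs in the v2.0.4 layout posted above. The sample log is constructed from a few representative lines, and the 64-bit heuristic is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2.0.4 layout used in this thread
# (a handful of representative lines, not one of the full logs above).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:04 PM, on 3/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
Boot mode: Normal

Running processes:
C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
C:\\Users\\robin\\Downloads\\HijackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.google.com/
O4 - HKLM\\..\\Run: [EKStatusMonitor] C:\\Program Files (x86)\\Kodak\\AiO\\StatusMonitor\\EKStatusMonitor.exe
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\\Windows\\SysWOW64\\urlmon.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\\Windows\\System32\\spoolsv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe
--
End of file - 7389 bytes
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
PROTO_HIJACK_RE = re.compile(r"^Protocol hijack: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\})$")
HEADER_KEYS = ("Platform: ", "MSIE: ", "Boot mode: ", "Scan saved at ")


def parse_hjt(text):
    """Split a HijackThis log into header fields, the running-process list,
    and section -> entry bodies (R0, R1, O4, O18, O23 ...)."""
    header, processes, sections = {}, [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group("sec")].append(m.group("body"))
            continue
        for key in HEADER_KEYS:
            if line.startswith(key):
                header[key.strip(": ")] = line[len(key):]
    return header, processes, dict(sections)


def triage(text):
    """Sort entries the way a helper reads the log: what needs a look first,
    likely-benign noise last. Flags are prompts to look, not verdicts; in
    this thread the helper found nothing to report in any of them."""
    header, processes, sections = parse_hjt(text)
    # Assumption (heuristic of this example): x86 paths in a log produced by the
    # 32-bit HijackThis build mean a 64-bit OS, where WOW64 file-system
    # redirection makes real System32 binaries look "missing" to the tool.
    all_lines = processes + sum(sections.values(), [])
    is_64bit = any("Program Files (x86)" in l or "SysWOW64" in l for l in all_lines)
    findings = {"protocol_hijack": [], "unknown_service": [],
                "wow64_false_positive": [], "startup": list(sections.get("O4", []))}
    for body in sections.get("O18", []):
        m = PROTO_HIJACK_RE.match(body)
        if m:  # a URL scheme whose handler CLSID did not resolve to a DLL
            findings["protocol_hijack"].append((m.group("scheme"), m.group("clsid")))
    for body in sections.get("O23", []):
        m = SERVICE_RE.match(body)
        if not m:
            continue
        in_system32 = "\\windows\\system32\\" in m.group("path").lower()
        if m.group("missing") and is_64bit and in_system32:
            findings["wow64_false_positive"].append(m.group("name"))
        elif m.group("owner") == "Unknown owner" or m.group("missing"):
            findings["unknown_service"].append((m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category} ({len(items)}):")
        for item in items:
            print("   ", item)
```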

  • Staff

Hello robinredd

All the reports looked great and there was nothing to report in any of them

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.

    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.
:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click DelFix.exe.
  • select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

  • Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
  • CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner
  • Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

Note** If you decide to install MSE you will need to uninstall your present antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis, I advise disabling Java in your web browsers: How to disable Java in your web browsers (Disable Java)

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Here is some more reading for you from some of my colleagues, quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo


# DelFix v10.6 - Logfile created 14/03/2014 at 15:57:35
# Updated 11/11/2013 by Xplode
# Username : robin - ROBIN
# Operating System : Windows 8 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #20 [End of disinfection | 03/14/2014 21:54:33]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

The first DelFix I ran, I don't know what happened to it; I fell asleep. So I ran it again. I ran the ComboFix uninstaller, and I was waiting to finish all these scans and install Norton 2014. Thank you so much, you have been so helpful. It's really nice that there are people out there that will help you and not just worry about their pockets like the government.

robin
