
I'm at my wits' end. I contracted the FBI Moneypak virus the other day and can't get rid of it. I have Symantec and ran a scan, no luck. Malwarebytes didn't pick up anything either. I can only run in safe mode. I have Windows 8. Please help. BTW, can I safely back up my files to an external hard drive? JB


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Try the following from Safe Mode:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


EVERYTHING is disabled, running in safe mode and can do very little. Here are the results of the scan. And thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-03-2014 01
Ran by jb_co_000 (administrator) on SLINGER on 12-03-2014 18:01:55
Running from C:\Users\TEMP.SLINGER.002\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [lxdxmon.exe] - C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-08] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-934364362-906362943-3399077200-1001\...\RunOnce: [RegAutoPlay] - C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845392 2012-10-24] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x82F350492F3ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL =
SearchScopes: HKCU - {89CE297A-7D50-409A-9354-7C55F1F92E1F} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://8.27.217.28:5090/codebase/DVM_IPCam2.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.155.0.1 10.121.0.20 208.67.222.222

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-17] (ELAN Microelectronics Corp.)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
S2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2009-10-16] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259728 2013-01-05] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-08] (Dritek System INC.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140304.011\BHDrvx64.sys [1526488 2014-01-14] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140309.011\IDSvia64.sys [521944 2014-01-15] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-03-05] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140311.001\ENG64.SYS [126040 2013-12-27] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140311.001\EX64.SYS [2099288 2013-12-27] (Symantec Corporation)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-07-25] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-08] (Dritek System Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [74752 2013-04-03] (Identive)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-03-12] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SymELAM.sys [23448 2012-11-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-05-30] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2013-05-30] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [92544 2012-11-03] (Symantec Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-12 18:01 - 2014-03-12 18:02 - 00014647 _____ () C:\Users\TEMP.SLINGER.002\Desktop\FRST.txt
2014-03-12 18:01 - 2014-03-12 18:01 - 00000000 ____D () C:\FRST
2014-03-12 18:00 - 2014-03-12 18:00 - 02157056 _____ (Farbar) C:\Users\TEMP.SLINGER.002\Desktop\FRST64.exe
2014-03-12 17:57 - 2014-03-12 17:57 - 00022101 _____ () C:\Users\TEMP.SLINGER.002\Desktop\dds.txt
2014-03-12 17:57 - 2014-03-12 17:57 - 00015374 _____ () C:\Users\TEMP.SLINGER.002\Desktop\attach.txt
2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-12 17:55 - 2014-03-12 17:55 - 00688992 ____R (Swearware) C:\Users\TEMP.SLINGER.002\Desktop\dds.scr
2014-03-12 15:14 - 2014-03-12 17:55 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\NPE
2014-03-12 15:14 - 2014-03-12 15:14 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-03-12 15:14 - 2014-03-12 15:14 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-03-12 15:13 - 2014-03-12 15:14 - 03053496 ____N (Symantec Corporation) C:\Users\TEMP.SLINGER.002\Desktop\NPE.exe
2014-03-12 15:07 - 2014-03-12 15:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\clear.fi
2014-03-12 10:19 - 2014-03-12 10:20 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\TeamViewer
2014-03-12 09:03 - 2014-03-12 09:03 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 09:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 08:56 - 2014-03-12 09:02 - 00002538 _____ () C:\Users\TEMP.SLINGER.002\Desktop\Rkill.txt
2014-03-12 08:56 - 2014-03-12 08:56 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill64.com
2014-03-12 08:51 - 2014-03-12 08:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill.com
2014-03-12 08:36 - 2014-03-12 08:51 - 103962904 _____ (Microsoft Corporation) C:\Users\TEMP.SLINGER.002\Desktop\msert.exe
2014-03-12 07:59 - 2014-03-12 08:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEMP.SLINGER.002\Desktop\mbam-consumer.exe
2014-03-12 07:36 - 2014-03-12 07:36 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Malwarebytes
2014-03-12 07:16 - 2014-03-12 07:16 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Macromedia
2014-03-12 07:10 - 2014-03-12 07:10 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Adobe
2014-03-12 07:07 - 2014-03-12 10:22 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\IObit
2014-03-12 07:07 - 2014-03-12 10:08 - 00000000 ____D () C:\Users\TEMP.SLINGER.002
2014-03-12 07:07 - 2014-03-12 07:07 - 00000020 ___SH () C:\Users\TEMP.SLINGER.002\ntuser.ini
2014-03-12 07:07 - 2013-08-19 03:19 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 07:07 - 2013-06-20 09:28 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-12 07:07 - 2013-06-01 20:23 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\Microsoft Help
2014-03-12 07:07 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-12 07:07 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-12 07:02 - 2014-03-12 07:05 - 00000000 ____D () C:\Users\TEMP.SLINGER.001
2014-03-12 07:02 - 2014-03-12 07:02 - 00000000 ____D () C:\Users\TEMP.SLINGER.001\AppData\Local\Symantec
2014-03-12 05:42 - 2014-03-12 05:45 - 00000000 ____D () C:\Users\TEMP.SLINGER.000
2014-03-12 05:42 - 2014-03-12 05:42 - 00000000 ____D () C:\Users\TEMP.SLINGER.000\AppData\Local\Symantec
2014-03-12 05:12 - 2014-03-12 05:22 - 00000000 ____D () C:\Users\TEMP.SLINGER
2014-03-12 05:12 - 2014-03-12 05:12 - 00000000 ____D () C:\Users\TEMP.SLINGER\AppData\Local\Symantec
2014-03-11 17:16 - 2014-03-12 09:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 17:16 - 2014-03-11 17:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 16:08 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Symantec
2014-03-11 15:51 - 2014-03-11 15:51 - 00005000 _____ () C:\Windows\PFRO.log
2014-03-11 15:51 - 2014-03-11 15:51 - 00000000 _____ () C:\asc_rdflag
2014-03-11 15:16 - 2014-03-11 15:16 - 02995484 _____ () C:\Users\jb_co_000\Desktop\SLINGER__2014_03_11__14_55_18_TSF.sdbz
2014-03-11 14:53 - 2014-03-11 14:55 - 05671080 _____ (Symantec Corporation) C:\Users\jb_co_000\Downloads\SymHelp.exe
2014-03-09 20:18 - 2014-03-09 20:18 - 00083125 _____ () C:\Users\jb_co_000\Downloads\The Dance of Death 4-0 Beta - Ultimate Edition-10906-4-0.7z
2014-03-09 20:17 - 2014-03-09 20:17 - 00002452 _____ () C:\Users\jb_co_000\Downloads\0 Dragonborn-Dawnguard Compatibility Patch-60-.rar
2014-03-09 20:15 - 2014-03-09 20:21 - 43448187 _____ () C:\Users\jb_co_000\Downloads\Enhanced Blood Textures 3_5d-60-3-5d.rar
2014-03-06 17:47 - 2014-03-06 17:47 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-06 17:47 - 2014-03-06 17:47 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Skype
2014-03-06 15:31 - 2014-03-12 08:57 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-06 11:28 - 2014-03-10 08:02 - 00065024 ___SH () C:\Users\jb_co_000\Desktop\Thumbs.db
2014-03-05 06:18 - 2014-03-05 06:18 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-03-05 06:18 - 2014-03-05 06:18 - 00584272 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-03-05 06:17 - 2014-03-05 06:18 - 00000000 ____D () C:\DrvInstall
2014-03-05 06:12 - 2014-03-12 07:02 - 00000308 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-03-05 06:12 - 2014-03-05 06:12 - 00003222 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-03-05 06:12 - 2014-03-05 06:12 - 00002570 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-03-05 06:00 - 2014-03-12 07:04 - 00168111 _____ () C:\MyXML.xml
2014-03-05 06:00 - 2014-03-05 06:00 - 00003168 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate
2014-03-05 05:50 - 2014-03-05 05:50 - 00002410 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-05 05:50 - 2014-03-05 05:50 - 00002374 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_jb_co_000
2014-03-05 05:50 - 2014-03-05 05:50 - 00000302 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-03-05 05:50 - 2014-03-05 05:50 - 00000266 _____ () C:\Windows\Tasks\ASC7_SkipUac_jb_co_000.job
2014-03-02 11:55 - 2014-03-02 11:55 - 00001060 _____ () C:\Users\jb_co_000\Desktop\Downloads.lnk
2014-03-02 11:55 - 2014-03-02 11:55 - 00000660 _____ () C:\Users\jb_co_000\Desktop\Games.lnk
2014-02-26 17:23 - 2014-02-26 17:23 - 00000000 _____ () C:\Users\jb_co_000\Downloads\2932_WSG_ProtectingYourDatawithWindows8BitLocker_External.docx.kbtwykk.partial
2014-02-25 18:19 - 2014-03-09 06:29 - 00000000 ____D () C:\Users\jb_co_000\Documents\Skyrim Stuff
2014-02-24 10:53 - 2014-02-25 18:17 - 00000000 ____D () C:\Users\jb_co_000\Documents\Streaming Video Recorder
2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Apowersoft
2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-02-24 10:52 - 2013-06-02 05:56 - 00031920 _____ (Wondershare) C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys
2014-02-24 10:52 - 2013-06-01 21:07 - 00443568 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturing.dll
2014-02-24 10:52 - 2013-06-01 21:07 - 00271536 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturingFilter.dll
2014-02-24 10:52 - 2013-06-01 21:07 - 00181424 ____H (Bytescout) C:\Windows\SysWOW64\ApowersoftVideoMixerFilter.dll
2014-02-22 04:00 - 2014-02-17 17:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 04:00 - 2014-02-17 17:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 19:13 - 2014-03-04 18:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-02-19 14:13 - 2014-03-05 06:20 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\backburner
2014-02-18 19:57 - 2014-03-12 08:57 - 00000000 ____D () C:\Users\jb_co_000\Desktop\SHORTCUTS
2014-02-18 19:56 - 2014-03-08 15:25 - 00000000 ____D () C:\Users\jb_co_000\Desktop\Game Stuff
2014-02-18 19:28 - 2014-02-18 19:28 - 00000904 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-02-15 22:48 - 2014-02-15 22:48 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-15 22:48 - 2014-02-15 22:48 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\Downloads\CINEBENCH_R15
2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\MAXON
2014-02-11 15:36 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 15:36 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 15:36 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 15:36 - 2014-02-01 04:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-11 15:36 - 2014-02-01 04:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 15:36 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 15:36 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 15:36 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 15:36 - 2014-02-01 02:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 15:36 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 15:36 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 15:36 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 15:36 - 2014-02-01 00:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-11 15:31 - 2013-12-04 18:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 15:31 - 2013-12-04 18:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 15:30 - 2013-12-08 19:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 15:30 - 2013-12-08 18:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 15:30 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 15:30 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 15:30 - 2013-11-01 00:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-11 15:25 - 2014-01-12 18:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 15:25 - 2014-01-12 18:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 15:25 - 2013-11-19 19:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 15:25 - 2013-11-19 18:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 18:02 - 2014-03-12 18:01 - 00014647 _____ () C:\Users\TEMP.SLINGER.002\Desktop\FRST.txt
2014-03-12 18:01 - 2014-03-12 18:01 - 00000000 ____D () C:\FRST
2014-03-12 18:00 - 2014-03-12 18:00 - 02157056 _____ (Farbar) C:\Users\TEMP.SLINGER.002\Desktop\FRST64.exe
2014-03-12 17:57 - 2014-03-12 17:57 - 00022101 _____ () C:\Users\TEMP.SLINGER.002\Desktop\dds.txt
2014-03-12 17:57 - 2014-03-12 17:57 - 00015374 _____ () C:\Users\TEMP.SLINGER.002\Desktop\attach.txt
2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-12 17:56 - 2014-03-12 17:56 - 00000000 ___RD () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-12 17:55 - 2014-03-12 17:55 - 00688992 ____R (Swearware) C:\Users\TEMP.SLINGER.002\Desktop\dds.scr
2014-03-12 17:55 - 2014-03-12 15:14 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\NPE
2014-03-12 15:14 - 2014-03-12 15:14 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2014-03-12 15:14 - 2014-03-12 15:14 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2014-03-12 15:14 - 2014-03-12 15:13 - 03053496 ____N (Symantec Corporation) C:\Users\TEMP.SLINGER.002\Desktop\NPE.exe
2014-03-12 15:14 - 2013-03-08 21:57 - 00000000 ____D () C:\ProgramData\Norton
2014-03-12 15:07 - 2014-03-12 15:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Local\clear.fi
2014-03-12 10:22 - 2014-03-12 07:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\IObit
2014-03-12 10:20 - 2014-03-12 10:19 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\TeamViewer
2014-03-12 10:08 - 2014-03-12 07:07 - 00000000 ____D () C:\Users\TEMP.SLINGER.002
2014-03-12 09:03 - 2014-03-12 09:03 - 00001131 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 09:03 - 2014-03-11 17:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 09:02 - 2014-03-12 08:56 - 00002538 _____ () C:\Users\TEMP.SLINGER.002\Desktop\Rkill.txt
2014-03-12 08:57 - 2014-03-06 15:31 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-12 08:57 - 2014-02-18 19:57 - 00000000 ____D () C:\Users\jb_co_000\Desktop\SHORTCUTS
2014-03-12 08:57 - 2014-02-07 16:41 - 00000000 ____D () C:\BOSS
2014-03-12 08:57 - 2014-01-06 13:56 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Skype
2014-03-12 08:57 - 2014-01-06 13:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 08:57 - 2014-01-06 13:55 - 00000000 ____D () C:\ProgramData\Skype
2014-03-12 08:57 - 2013-12-23 15:05 - 00000000 ___RD () C:\Windows\BrowserChoice
2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-12 08:57 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-12 08:56 - 2014-03-12 08:56 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill64.com
2014-03-12 08:51 - 2014-03-12 08:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\TEMP.SLINGER.002\Desktop\rkill.com
2014-03-12 08:51 - 2014-03-12 08:36 - 103962904 _____ (Microsoft Corporation) C:\Users\TEMP.SLINGER.002\Desktop\msert.exe
2014-03-12 08:00 - 2014-03-12 07:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEMP.SLINGER.002\Desktop\mbam-consumer.exe
2014-03-12 07:36 - 2014-03-12 07:36 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Malwarebytes
2014-03-12 07:16 - 2014-03-12 07:16 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Macromedia
2014-03-12 07:11 - 2012-07-26 02:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 07:10 - 2014-03-12 07:10 - 00000000 ____D () C:\Users\TEMP.SLINGER.002\AppData\Roaming\Adobe
2014-03-12 07:07 - 2014-03-12 07:07 - 00000020 ___SH () C:\Users\TEMP.SLINGER.002\ntuser.ini
2014-03-12 07:05 - 2014-03-12 07:02 - 00000000 ____D () C:\Users\TEMP.SLINGER.001
2014-03-12 07:05 - 2013-05-30 16:08 - 01836177 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 07:04 - 2014-03-05 06:00 - 00168111 _____ () C:\MyXML.xml
2014-03-12 07:03 - 2013-12-22 15:44 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 07:02 - 2014-03-12 07:02 - 00000000 ____D () C:\Users\TEMP.SLINGER.001\AppData\Local\Symantec
2014-03-12 07:02 - 2014-03-05 06:12 - 00000308 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-03-12 07:01 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 05:45 - 2014-03-12 05:42 - 00000000 ____D () C:\Users\TEMP.SLINGER.000
2014-03-12 05:42 - 2014-03-12 05:42 - 00000000 ____D () C:\Users\TEMP.SLINGER.000\AppData\Local\Symantec
2014-03-12 05:23 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-12 05:22 - 2014-03-12 05:12 - 00000000 ____D () C:\Users\TEMP.SLINGER
2014-03-12 05:12 - 2014-03-12 05:12 - 00000000 ____D () C:\Users\TEMP.SLINGER\AppData\Local\Symantec
2014-03-11 17:16 - 2014-03-11 17:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 17:00 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-11 16:08 - 2014-03-11 16:08 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Symantec
2014-03-11 15:51 - 2014-03-11 15:51 - 00005000 _____ () C:\Windows\PFRO.log
2014-03-11 15:51 - 2014-03-11 15:51 - 00000000 _____ () C:\asc_rdflag
2014-03-11 15:51 - 2013-12-29 00:03 - 87539712 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-03-11 15:51 - 2013-12-29 00:03 - 00720896 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-03-11 15:51 - 2013-12-29 00:03 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-03-11 15:51 - 2013-12-29 00:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-03-11 15:51 - 2013-05-30 19:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 15:51 - 2013-05-30 16:08 - 00000000 ____D () C:\Users\jb_co_000
2014-03-11 15:49 - 2013-05-30 16:16 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934364362-906362943-3399077200-1001
2014-03-11 15:23 - 2013-06-01 19:33 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\CrashDumps
2014-03-11 15:16 - 2014-03-11 15:16 - 02995484 _____ () C:\Users\jb_co_000\Desktop\SLINGER__2014_03_11__14_55_18_TSF.sdbz
2014-03-11 14:59 - 2013-12-22 15:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 14:55 - 2014-03-11 14:53 - 05671080 _____ (Symantec Corporation) C:\Users\jb_co_000\Downloads\SymHelp.exe
2014-03-11 14:52 - 2013-05-30 19:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 08:02 - 2014-03-06 11:28 - 00065024 ___SH () C:\Users\jb_co_000\Desktop\Thumbs.db
2014-03-10 03:53 - 2013-12-28 14:02 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Skyrim
2014-03-09 21:32 - 2014-01-15 16:05 - 00000000 ____D () C:\Users\jb_co_000\Documents\Nexus Mod Manager
2014-03-09 20:21 - 2014-03-09 20:15 - 43448187 _____ () C:\Users\jb_co_000\Downloads\Enhanced Blood Textures 3_5d-60-3-5d.rar
2014-03-09 20:18 - 2014-03-09 20:18 - 00083125 _____ () C:\Users\jb_co_000\Downloads\The Dance of Death 4-0 Beta - Ultimate Edition-10906-4-0.7z
2014-03-09 20:17 - 2014-03-09 20:17 - 00002452 _____ () C:\Users\jb_co_000\Downloads\0 Dragonborn-Dawnguard Compatibility Patch-60-.rar
2014-03-09 08:03 - 2013-11-17 09:59 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-09 06:29 - 2014-02-25 18:19 - 00000000 ____D () C:\Users\jb_co_000\Documents\Skyrim Stuff
2014-03-09 06:13 - 2013-05-30 16:45 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Deployment
2014-03-08 15:25 - 2014-02-18 19:56 - 00000000 ____D () C:\Users\jb_co_000\Desktop\Game Stuff
2014-03-08 01:34 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-07 14:42 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-06 17:47 - 2014-03-06 17:47 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-06 17:47 - 2014-03-06 17:47 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Skype
2014-03-05 06:20 - 2014-02-19 14:13 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\backburner
2014-03-05 06:20 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\PcSetup
2014-03-05 06:20 - 2013-03-08 22:01 - 00000000 ____D () C:\ProgramData\install_clap
2014-03-05 06:20 - 2013-03-08 21:56 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-05 06:20 - 2013-03-08 21:31 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-03-05 06:19 - 2013-11-28 10:52 - 00000000 ____D () C:\Users\jb_co_000\Documents\Lease
2014-03-05 06:19 - 2013-11-28 10:51 - 00000000 ____D () C:\Users\jb_co_000\Documents\Audi
2014-03-05 06:19 - 2013-11-28 10:50 - 00000000 ____D () C:\Users\jb_co_000\Documents\CH 13
2014-03-05 06:19 - 2013-08-22 07:12 - 00000000 ____D () C:\Users\jb_co_000\Documents\Workout
2014-03-05 06:19 - 2013-08-15 22:38 - 00000000 ____D () C:\Users\jb_co_000\Documents\159
2014-03-05 06:19 - 2013-07-30 20:46 - 00000000 ____D () C:\Users\jb_co_000\Documents\PCS 2013
2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Records Jan 08
2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Records AUG 09
2014-03-05 06:19 - 2013-05-30 16:47 - 00000000 ____D () C:\Users\jb_co_000\Documents\My records
2014-03-05 06:19 - 2013-05-30 16:25 - 00000000 ____D () C:\Users\jb_co_000\Documents\MCCC
2014-03-05 06:19 - 2013-05-30 16:25 - 00000000 ____D () C:\Users\jb_co_000\Documents\Kathy
2014-03-05 06:19 - 2013-05-30 16:22 - 00000000 ____D () C:\Users\jb_co_000\Documents\CGSOC
2014-03-05 06:19 - 2013-05-30 16:22 - 00000000 ____D () C:\Users\jb_co_000\Documents\BlackOut Tactical
2014-03-05 06:19 - 2013-05-30 16:12 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-03-05 06:19 - 2013-03-08 21:27 - 00000000 ____D () C:\Dolby PCEE4
2014-03-05 06:18 - 2014-03-05 06:18 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-03-05 06:18 - 2014-03-05 06:18 - 00584272 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-03-05 06:18 - 2014-03-05 06:18 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-03-05 06:18 - 2014-03-05 06:17 - 00000000 ____D () C:\DrvInstall
2014-03-05 06:12 - 2014-03-05 06:12 - 00003222 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-03-05 06:12 - 2014-03-05 06:12 - 00002570 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\IObit
2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\ProgramData\IObit
2014-03-05 06:12 - 2013-09-27 20:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-05 06:00 - 2014-03-05 06:00 - 00003168 _____ () C:\Windows\System32\Tasks\StartMenuAutoupdate
2014-03-05 05:50 - 2014-03-05 05:50 - 00002410 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-03-05 05:50 - 2014-03-05 05:50 - 00002374 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_jb_co_000
2014-03-05 05:50 - 2014-03-05 05:50 - 00000302 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-03-05 05:50 - 2014-03-05 05:50 - 00000266 _____ () C:\Windows\Tasks\ASC7_SkipUac_jb_co_000.job
2014-03-04 18:07 - 2014-02-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-02 14:05 - 2013-06-01 20:20 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-02 11:55 - 2014-03-02 11:55 - 00001060 _____ () C:\Users\jb_co_000\Desktop\Downloads.lnk
2014-03-02 11:55 - 2014-03-02 11:55 - 00000660 _____ () C:\Users\jb_co_000\Desktop\Games.lnk
2014-02-26 17:23 - 2014-02-26 17:23 - 00000000 _____ () C:\Users\jb_co_000\Downloads\2932_WSG_ProtectingYourDatawithWindows8BitLocker_External.docx.kbtwykk.partial
2014-02-25 18:19 - 2013-05-30 16:51 - 00000000 ____D () C:\Users\jb_co_000\Documents\Bluetooth Folder
2014-02-25 18:17 - 2014-02-24 10:53 - 00000000 ____D () C:\Users\jb_co_000\Documents\Streaming Video Recorder
2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\Apowersoft
2014-02-24 10:52 - 2014-02-24 10:52 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-02-20 17:55 - 2013-12-28 13:54 - 00000000 ____D () C:\Users\jb_co_000\Documents\My Games
2014-02-19 19:12 - 2014-01-15 17:02 - 00000000 ____D () C:\Games
2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-02-19 17:14 - 2014-02-19 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-02-18 19:28 - 2014-02-18 19:28 - 00000904 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-02-18 19:28 - 2014-02-07 17:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-02-17 17:03 - 2014-02-22 04:00 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 17:03 - 2014-02-22 04:00 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 14:41 - 2013-09-28 02:20 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-02-17 04:51 - 2013-08-18 18:02 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\vlc
2014-02-16 20:37 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-02-16 20:31 - 2013-07-22 14:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:18 - 2013-05-30 16:08 - 00000000 ___RD () C:\Users\jb_co_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 03:18 - 2013-05-30 16:08 - 00000000 ___RD () C:\Users\jb_co_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 03:14 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-02-15 22:48 - 2014-02-15 22:48 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-15 22:48 - 2014-02-15 22:48 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-15 03:54 - 2013-12-22 15:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 03:54 - 2013-12-22 15:44 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\Downloads\CINEBENCH_R15
2014-02-13 15:21 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\jb_co_000\AppData\Roaming\MAXON
2014-02-10 12:29 - 2013-05-30 16:45 - 00000000 ____D () C:\Users\jb_co_000\AppData\Local\Apps\2.0

Some content of TEMP:
====================
C:\Users\jb_co_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP.SLINGER.002\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-08 04:00

==================== End Of Log ============================

And the second file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2014 01
Ran by jb_co_000 at 2014-03-12 18:02:25
Running from C:\Users\TEMP.SLINGER.002\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0077 - NTI Corporation)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3002 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.2.0 - IObit)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk MatchMover 2013 64-bit (HKLM\...\{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0077 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.2 - IObit)
Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
ETDWare PS/2-X64 11.6.19.204_WHQL (HKLM\...\Elantech) (Version: 11.6.19.204 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Game Assistant (HKLM-x32\...\GameAssistant_is1) (Version: Beta 1.1 - VTools)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{1C8D89D8-6B60-4034-9934-3AE90101CB22}) (Version: 1.1.3 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.8.2434 - IObit)
IPcamera (HKLM-x32\...\{584607EC-B6DE-4F33-A380-E525167CDDCE}) (Version: 1.2.9 - Foscam)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManageMyMobile (HKLM-x32\...\ManageMyMobile_is1) (Version: 1.0 - IObit)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe  - NETGEAR Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.30 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteamVR (HKLM-x32\...\Steam App 250820) (Version:  - )
Streaming Video Recorder V4.6.8 (HKLM-x32\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.6.8 - Apowersoft)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Symantec Endpoint Protection (HKLM\...\{C2103AF2-E66C-446B-9791-9207840EC821}) (Version: 12.1.2015.2015 - Symantec Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
The Walking Dead (HKLM-x32\...\The Walking Dead) (Version: 1.0.0.15 - Telltale Games)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

20-02-2014 00:13:30 Installed Steam
27-02-2014 09:22:08 Scheduled Checkpoint
05-03-2014 11:16:53 Driver Booster : Bluetooth USB Module
06-03-2014 20:30:23 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {122642E5-8DFF-4358-B9B0-9FA25D816871} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {19CCAE54-70A1-4C56-BB05-49D318A9B6EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {1AA068F7-F0C9-44E5-87BD-D6D54B9F2666} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F44A1B6-88F9-4E24-ACFF-A9706217984A} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADC03A3-C6E5-489A-A7BF-D63F884D1853} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {3DE3068C-DA0A-416A-94A6-D5C32539BC5A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {4B7C2693-3AE2-46FE-80A9-9F6B11A2795E} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {4F4BCD84-0D20-4A04-9767-360857752A16} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {56DD59E1-3928-4999-871D-FC73A5A27ABB} - System32\Tasks\ASC7_SkipUac_jb_co_000 => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-02-14] (IObit)
Task: {5FFD5723-3FB7-439A-A850-6057AB2F5017} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {645646D5-1128-4F32-9E3F-ADE62394C7AF} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {77AB42A0-DB09-4558-A05D-DB48C0396008} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {7F4350DE-5CC7-4C86-A6FD-661384871F11} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {9074AB62-E4EE-4B81-A30C-B363BA8BC948} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {909FDB85-925E-4A3C-BF3E-15BD58C73D30} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2013-11-25] ()
Task: {94B0B10D-090B-435A-A30A-6D152D3DF957} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {9F4A7C67-8310-4A26-8584-47DD3699136D} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A95EE518-7A89-4DD6-80AA-FE2CA0E3303D} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {AA708C68-3A69-4311-8B66-D1E0FAC0C696} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-02-11] (IObit)
Task: {B175D08B-AB7B-4FBF-8AC8-3BBCEED83439} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-13] (IObit)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E4C31161-D1AA-4348-A808-0D222561CCAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3A186E2-9390-4BCF-A748-7FD6C87F1541} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC7_SkipUac_jb_co_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410.SYS => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
MSCONFIG\startupreg: APSDaemon => "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
MSCONFIG\startupreg: BtPreLoad => "c:\program files (x86)\qualcomm atheros\bluetooth suite\btpreload.exe"
MSCONFIG\startupreg: iTunesHelper => "c:\program files (x86)\itunes\ituneshelper.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 07:07:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/12/2014 07:07:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/12/2014 07:07:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The configuration registry database is corrupt.

Error: (03/12/2014 07:07:41 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\jb_co_000\ntuser.dat

Error: (03/12/2014 07:05:01 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.SLINGER.001. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (03/12/2014 07:03:22 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Installed 7-Zip 9.20 (x64 edition)).

Error: (03/12/2014 07:02:23 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/12/2014 07:02:23 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/12/2014 07:02:23 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SLINGER)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The configuration registry database is corrupt.

Error: (03/12/2014 07:02:23 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\jb_co_000\ntuser.dat

System errors:
=============
Error: (03/12/2014 06:01:35 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2014 06:00:29 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2014 05:59:54 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2014 05:58:00 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2014 05:57:23 PM) (Source: DCOM) (User: SLINGER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/12/2014 05:57:23 PM) (Source: DCOM) (User: SLINGER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/12/2014 05:57:23 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2014 05:56:59 PM) (Source: DCOM) (User: SLINGER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/12/2014 05:56:59 PM) (Source: DCOM) (User: SLINGER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/12/2014 05:56:57 PM) (Source: DCOM) (User: SLINGER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 5955.27 MB
Available physical RAM: 4184.74 MB
Total Pagefile: 11331.27 MB
Available Pagefile: 9807.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.95 GB) (Free:159.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9A864B2E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 19 GB) (Disk ID: 0DA3A100)

Partition: GPT Partition Type.

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

See if you can boot to Normal mode and run Malwarebytes; if no good in Normal mode, try from Safemode with NW.

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Let me see those logs, also give an update on any remaining issues or concerns.

Kevin...

fixlist.txt


I'm still locked out of my account, I ran Malwarebytes and got the following but the other report is not on the desktop anymore. How can I get it for you?

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.13

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
jb_co_000 :: SLINGER [administrator]

Protection: Enabled

3/12/2014 7:06:37 PM
mbam-log-2014-03-12 (19-06-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | Heuristics/Extra | P2P
Objects scanned: 15985
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I would scan any files before they are backed up anywhere... The best way forward with this type of infection is with Kaspersky Rescue CD, this is specifically designed for FBI type infections.

Kaspersky Rescue CD

STEP A:

Download and create a bootable Kaspersky Rescue Disk CD

1. Download the Kaspersky Rescue Disk ISO image from below.

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

4. Install ImgBurn by following the prompts and then start this program.

5. Click on the Write image file to disc button.

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).

7. Click on the big Write button.

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

STEP B:

Configure the computer to boot from CD-ROM

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.

If this doesn't happen then you'll need to configure your computer to boot from a CD like you'll see below.

1. Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

3. Insert your Kaspersky Rescue Disk and restart your computer.

STEP C:

Boot your computer from Kaspersky Rescue Disk

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read the agreement carefully, then press the C button on your keyboard.

5. Once the actions described above have been performed, the Kaspersky operating system will start.

STEP D:

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

If you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

STEP E:

Scan your system with Kaspersky Rescue Disk

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk, then click on My Update Center and press Start update.

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

7. When booted back into Windows, navigate to Start > Computer > C:\Kaspersky Rescue Disk 10.0. Open the folder; inside is a log from the KRD run named "ScanObject". Copy/paste that file to your reply.
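Step D above says the trojan changes the registry so that its lock screen starts at boot, without naming the values involved. The following is an added example, not part of the thread and not Kaspersky's code: a Python check over saved `reg query` output, assuming the Winlogon `Shell` and `Userinit` values are the ones to review and that Windows is installed in `C:\Windows`; the sample output and its `example-locker.exe` paths are constructed placeholders.

```python
import re

# Constructed sample of `reg query` output. The ProgramData and Users paths
# are placeholders for illustration, not values taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\ProgramData\example-locker.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\example\AppData\Roaming\example-locker.exe
"""

# Matches the Winlogon key in any hive (HKLM, HKCU, or a SID under HKEY_USERS).
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"

# Stock values on a clean install (assumption: Windows lives in C:\Windows).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}

# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # unindented line = registry key header
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match.group("name"), match.group("data")


def audit_logon_values(reg_query_text):
    """Return findings for Winlogon Shell/Userinit values that differ from stock.

    Each finding is (hive, value_name, reason, programs).
    """
    findings = []
    for key, name, data in parse_reg_query(reg_query_text):
        if not key.lower().endswith(WINLOGON_SUFFIX) or name.lower() not in EXPECTED:
            continue
        hive = key.split("\\", 1)[0].upper()
        # These values may hold a comma-separated list of programs, so an
        # extra entry appended after the stock one must be caught as well.
        entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
        unexpected = [e for e in entries if e.lower() not in EXPECTED[name.lower()]]
        if unexpected:
            findings.append((hive, name, "unexpected program", unexpected))
        elif not entries:
            findings.append((hive, name, "value is empty", []))
        elif hive not in ("HKEY_LOCAL_MACHINE", "HKLM"):
            # A per-user copy is unusual even when it points at the stock shell.
            findings.append((hive, name, "per-user override, review", entries))
    return findings


if __name__ == "__main__":
    for hive, name, reason, programs in audit_logon_values(SAMPLE):
        print(f"{hive} Winlogon\\{name}: {reason}: {programs}")
```

Any program it reports should be scanned and identified before the value is changed by hand; an empty or wrong `Userinit` can itself prevent logon.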


Sorry, I haven't gotten back to you. I'm in Afghanistan and had to go to work. I tried what you listed above and I guess I didn't do something right because I'm still locked out. I told the computer to boot from the CD drive and it acts like it wants to but then stops and reverts back to normal HDD boot.????????? I also tried creating another profile through the C: prompt and when I signed in I had normal access, well I ran Malwarebytes and it found 93 threats. I deleted them and restarted the comp. Didn't work, I still don't have normal function. Here is that report:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.12.13

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16798

norton :: SLINGER [administrator]

 

Protection: Enabled

 

3/13/2014 8:57:12 AM

mbam-log-2014-03-13 (08-57-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 288353

Time elapsed: 5 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 22

C:\Program Files (x86)\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\SEARCHPROTECT\STG (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

 

Files Detected: 69

C:\$Recycle.Bin\S-1-5-21-934364362-906362943-3399077200-1001\$R9TBX3O.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\SEARCHPROTECT\SEARCHPROTECT\STG\Init_3CAF.tmp (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTION\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTION\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTION\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTION\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTIONDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTIONDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTIONDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\PROTECTIONDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\UNINSTALL\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\UNINSTALL\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\UNINSTALL\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\SEARCHPROTECT\UI\dialogs\UNINSTALL\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

 

(end)


OK we try another offline tool..

Do you have access to another PC to create the Windows Defender Offline Tool? I give the instructions to load to a USB flash drive.

Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit.

Run the tool. Windows 7 or Vista users: right-click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB Flash Drive, then select "Next".

In the new window ensure your Flash drive is selected, if not click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

Flash drive will be formatted and prepared.

Files will be added to the Flash Drive and the tool will be created.

The procedure is finished and the Tool created, click on "Finish" to complete.

Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required. Use F12 as it boots, change options...

As it boots you'll see files being loaded and the Windows splash screen. Eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular Windows.

Navigate to the following file:

"C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt"

Open with notepad and copy and paste it into a reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
