computer shuts off after running MBAM for about a minute


hello! my laptop has been shutting off completely after performing a full scan on malwarebytes for a minute or two.

 

it also shuts off after playing games i have installed for a few minutes as well

 

this is a computer given to me by a friend out of state and i've only had it for a few days. i don't have anything that comes with the computer besides the power cord and the laptop itself

 

thank you in advance for helping me with this!

 

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download and save DDS to your Desktop from either of the following links:

 

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

 

Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.

 

Kevin..


here is the dds and attach logs:

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\SafeConnect\scClient.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

x64-SSODL: WebCheck -


whoops, that didn't go right. i forgot to shut off noscript

 

here are the logs:

 

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{08067DBF-FE56-4E16-B727-F5223112E893} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{08067DBF-FE56-4E16-B727-F5223112E893}\5534F4E4E4D2055524C49434 : DHCPNameServer = 137.99.25.14 137.99.203.20
TCP: Interfaces\{08067DBF-FE56-4E16-B727-F5223112E893}\84F445F53505F445F5742594C4C4 : DHCPNameServer = 24.205.192.61 24.205.224.36
TCP: Interfaces\{27716B40-C7EA-4A23-B55A-8DA27BA68628} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{60291132-2362-4A43-9D2D-C3486AF231FC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\qtlwjcm3.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-03-08 20:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\qtlwjcm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-7 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-17 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-26 2224976]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-7 2314240]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-7 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-3 62464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-14 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-20 44032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-7 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-7 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-18 1255736]
.
=============== Created Last 30 ================
.
2014-03-13 21:47:46    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B7E2B9C-0195-4995-BCD2-862E28477F0A}\mpengine.dll
2014-03-12 00:13:52    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 00:13:52    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 00:13:51    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 00:13:51    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-10 01:07:22    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-10 01:07:22    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-09 23:00:04    --------    d-----w-    C:\Program Files (x86)\Steam
2014-03-09 07:12:31    --------    d-----w-    C:\Users\Emily\AppData\Roaming\NitroplusCHiRAL
2014-03-09 07:06:50    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2014-03-09 07:03:09    --------    d-----w-    C:\Users\Emily\AppData\Local\Adobe
2014-03-09 04:50:12    --------    d-----w-    C:\Users\Emily\AppData\Roaming\DAEMON Tools Lite
2014-03-09 04:48:51    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2014-03-09 04:48:50    --------    d-----w-    C:\Users\Emily\AppData\Roaming\uTorrent
2014-03-09 03:55:33    --------    d-----w-    C:\Users\Emily\AppData\Roaming\SoftGrid Client
2014-03-09 03:45:24    --------    d-----w-    C:\Users\Emily\AppData\Local\Macromedia
2014-03-09 03:30:04    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57123C49-7AEB-4620-884A-CCBABC2F47D4}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-03-12 07:08:32    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 07:08:32    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 16:15:24.39 ===============
 

attach.txt


The header of the DDS log has been missed completely; I need to see that.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs,

 

Kevin...
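
A completeness check for a pasted DDS log, added here as an example and not part of the original thread or of DDS itself. It looks for the two paste problems visible above: a missing header and process list, and entries that end in a bare "-" where the full log shows `<orphaned>`. Treating the header, the two banners listed and the FINISH line as required is an assumption drawn from the log in this thread; the sample pastes are constructed excerpts of it.

```python
import re

# Banners treated as required (assumption: taken from the DDS log in this thread).
REQUIRED_SECTIONS = ["Running Processes", "Pseudo HJT Report"]

# First line of a DDS log, e.g. "DDS (Ver_2012-11-20.01) - NTFS_AMD64".
HEADER_RE = re.compile(r"^DDS \(Ver_[^)]+\) - \S+", re.MULTILINE)

# Section banner, e.g. "============== Pseudo HJT Report ===============".
BANNER_RE = re.compile(r"^=+[ \t]*(.+?)[ \t]*=+[ \t]*$", re.MULTILINE)

# Entry that ends in a bare "-": the value after the dash is gone, which is
# what happens when an angle-bracket token such as <orphaned> is eaten as markup.
DANGLING_RE = re.compile(r"^(?P<entry>.+\S)[ \t]+-[ \t]*$", re.MULTILINE)


def check_dds_paste(text):
    """Return a list of problems found in a pasted DDS log (empty if none)."""
    problems = []

    if not HEADER_RE.search(text):
        problems.append("missing DDS header")

    banners = [m.group(1) for m in BANNER_RE.finditer(text)]
    for name in REQUIRED_SECTIONS:
        if name not in banners:
            problems.append(f"missing section: {name}")

    # The log is cut short if the closing banner never appears.
    if not any(b.startswith("FINISH:") for b in banners):
        problems.append("missing FINISH banner")

    for m in DANGLING_RE.finditer(text):
        problems.append(f"value stripped: {m.group('entry')}")

    return problems


# Constructed sample: a paste that starts mid-log and lost its <orphaned> markers.
BROKEN_PASTE = r"""
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
x64-SSODL: WebCheck -
"""

# Constructed sample: a shortened but structurally complete log.
COMPLETE_PASTE = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Run by Emily at 16:14:29 on 2014-03-13
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
.
============= FINISH: 16:15:24.39 ===============
"""

if __name__ == "__main__":
    for label, paste in (("broken", BROKEN_PASTE), ("complete", COMPLETE_PASTE)):
        issues = check_dds_paste(paste)
        print(label, "->", issues if issues else "looks complete")
```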


there were a few more things besides the header i accidentally didn't copy

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Emily at 16:14:29 on 2014-03-13
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.6069.4283 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\SafeConnect\Uninstall.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

 

MBAM log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Emily :: SOCKS-PC [administrator]

Protection: Enabled

3/13/2014 5:15:23 PM
mbam-log-2014-03-13 (17-15-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218482
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

JRT log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Emily on 03/13/2014 Thu at 17:26:30.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Emily\AppData\Roaming\mozilla\firefox\profiles\qtlwjcm3.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/13/2014 Thu at 17:40:43.31

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Emily (administrator) on SOCKS-PC on 13-03-2014 17:45:54
Running from C:\Users\Emily\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scClient.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [setwallpaper] - c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [updateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\qtlwjcm3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: NoScript - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\qtlwjcm3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-09]
FF Extension: Adblock Plus - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\qtlwjcm3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-08]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-22]
CHR Extension: (Google Drive) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-22]
CHR Extension: (Missing e) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2013-11-22]
CHR Extension: (YouTube) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-22]
CHR Extension: (Adblock Plus) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-22]
CHR Extension: (Google Search) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-22]
CHR Extension: (Tampermonkey) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-11-22]
CHR Extension: (XKit) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2013-11-22]
CHR Extension: (Google Wallet) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (NotScripts) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2013-11-22]
CHR Extension: (Tumblr Savior) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2013-11-22]
CHR Extension: (ScriptSafe) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2013-11-22]
CHR Extension: (Gmail) - C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-22]

==================== Services (Whitelisted) =================

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [175968 2012-10-23] (Impulse Point, LLC)

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 17:45 - 2014-03-13 17:46 - 00013860 _____ () C:\Users\Emily\Desktop\FRST.txt
2014-03-13 17:45 - 2014-03-13 17:45 - 00000000 ____D () C:\FRST
2014-03-13 17:44 - 2014-03-13 17:44 - 02157056 _____ (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2014-03-13 17:43 - 2014-03-13 17:44 - 01037734 _____ (Thisisu) C:\Users\Emily\Downloads\JRT.exe
2014-03-13 17:40 - 2014-03-13 17:40 - 00000764 _____ () C:\Users\Emily\Desktop\JRT.txt
2014-03-13 17:26 - 2014-03-13 17:26 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 17:25 - 2014-03-13 17:25 - 01037734 _____ (Thisisu) C:\Users\Emily\Desktop\JRT.exe
2014-03-13 16:15 - 2014-03-13 16:15 - 00030701 _____ () C:\Users\Emily\Desktop\attach.txt
2014-03-13 16:15 - 2014-03-13 16:15 - 00017840 _____ () C:\Users\Emily\Desktop\dds.txt
2014-03-13 16:12 - 2014-03-13 16:12 - 00688992 ____R (Swearware) C:\Users\Emily\Desktop\dds.com
2014-03-12 01:56 - 2014-03-12 01:56 - 00276168 _____ () C:\Windows\Minidump\031214-40154-01.dmp
2014-03-12 01:45 - 2014-03-12 01:45 - 00003318 _____ () C:\Windows\System32\Tasks\{6867A5E2-85EC-4AFD-A851-959DAEBA2008}
2014-03-12 00:41 - 2014-03-12 00:41 - 00276168 _____ () C:\Windows\Minidump\031214-17378-01.dmp
2014-03-12 00:28 - 2014-03-12 00:28 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-12 00:20 - 2014-03-12 00:21 - 24677393 _____ () C:\Users\Emily\Downloads\vlc-2.1.3-win32.exe
2014-03-12 00:16 - 2014-03-12 00:16 - 00000000 __RHD () C:\Users\Emily\AppData\Roaming\SecuROM
2014-03-11 21:57 - 2014-03-11 21:57 - 00000219 _____ () C:\Users\Emily\Desktop\Left 4 Dead 2.url
2014-03-11 21:47 - 2014-03-11 21:47 - 00000222 _____ () C:\Users\Emily\Desktop\Hammerwatch.url
2014-03-11 21:38 - 2014-03-11 21:38 - 00000222 _____ () C:\Users\Emily\Desktop\FTL Faster Than Light.url
2014-03-11 20:11 - 2014-03-11 20:11 - 00000220 _____ () C:\Users\Emily\Desktop\Sid Meier's Civilization IV.url
2014-03-11 17:16 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 17:16 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 17:16 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 17:16 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 17:16 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 17:16 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 17:16 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 17:16 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 17:16 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 17:16 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 17:16 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 17:16 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 17:16 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 17:16 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 17:16 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 17:16 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 17:16 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 17:16 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 17:16 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 17:16 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 17:16 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 17:16 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 17:16 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 17:16 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 17:16 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 17:16 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 17:16 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 17:16 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 17:16 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 17:16 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 17:16 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 17:16 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 17:16 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 17:16 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 17:16 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 17:16 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 17:16 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 17:16 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 17:16 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 17:16 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 17:16 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 17:16 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 17:16 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 17:16 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 17:13 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 17:13 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 17:13 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 17:13 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 18:07 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-09 18:07 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-09 16:00 - 2014-03-12 01:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-09 16:00 - 2014-03-09 16:00 - 00000969 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-09 15:59 - 2014-03-09 15:59 - 01141680 _____ () C:\Users\Emily\Downloads\SteamSetup.exe
2014-03-09 00:12 - 2014-03-09 00:12 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\NitroplusCHiRAL
2014-03-09 00:07 - 2014-03-09 00:11 - 00000000 ____D () C:\Users\Emily\Desktop\DMMD
2014-03-09 00:06 - 2014-03-09 00:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-09 00:03 - 2014-03-09 00:11 - 00000000 ____D () C:\Users\Emily\AppData\Local\Adobe
2014-03-08 22:46 - 2014-03-08 23:54 - 3193578582 ____R () C:\Users\Emily\Downloads\DMMR-2.zip
2014-03-08 22:24 - 2014-03-08 22:39 - 22319750 _____ () C:\Users\Emily\Downloads\DMMd - Patches.zip
2014-03-08 22:21 - 2014-03-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 21:54 - 2014-03-08 22:49 - 3171096630 ____R () C:\Users\Emily\Downloads\(18禁ゲーム)[Nitro+ CHiRAL] DRAMAtical Murder..zip
2014-03-08 21:50 - 2014-03-08 21:51 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\DAEMON Tools Lite
2014-03-08 21:48 - 2014-03-12 23:12 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\uTorrent
2014-03-08 21:48 - 2014-03-08 21:49 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-03-08 20:59 - 2014-03-08 20:59 - 01977432 _____ () C:\Users\Emily\Downloads\winrar-x64-501.exe
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\WinRAR
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-08 20:55 - 2014-03-08 20:55 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\SoftGrid Client
2014-03-08 20:54 - 2014-03-08 20:54 - 01769680 _____ () C:\Users\Emily\Downloads\wrar501.exe
2014-03-08 20:45 - 2014-03-08 20:45 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Macromedia
2014-03-08 20:45 - 2014-03-08 20:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\Macromedia
2014-03-08 20:36 - 2014-03-08 20:36 - 00003100 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-03-08 20:29 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-08 20:29 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-08 20:29 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-08 20:29 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-08 20:29 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-08 20:29 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-08 20:29 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-08 20:29 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-08 20:29 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-08 20:29 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-08 20:29 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-08 20:29 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-08 20:29 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-08 20:29 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-08 20:29 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-08 20:29 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-08 20:29 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-08 20:29 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-08 20:29 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-08 20:29 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-08 20:29 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-08 20:29 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-08 20:29 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-08 20:29 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-08 20:29 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-08 20:29 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-08 20:29 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-08 20:29 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 17:46 - 2014-03-13 17:45 - 00013860 _____ () C:\Users\Emily\Desktop\FRST.txt
2014-03-13 17:45 - 2014-03-13 17:45 - 00000000 ____D () C:\FRST
2014-03-13 17:44 - 2014-03-13 17:44 - 02157056 _____ (Farbar) C:\Users\Emily\Desktop\FRST64.exe
2014-03-13 17:44 - 2014-03-13 17:43 - 01037734 _____ (Thisisu) C:\Users\Emily\Downloads\JRT.exe
2014-03-13 17:40 - 2014-03-13 17:40 - 00000764 _____ () C:\Users\Emily\Desktop\JRT.txt
2014-03-13 17:28 - 2013-02-14 22:07 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 17:26 - 2014-03-13 17:26 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 17:25 - 2014-03-13 17:25 - 01037734 _____ (Thisisu) C:\Users\Emily\Desktop\JRT.exe
2014-03-13 17:15 - 2009-07-13 21:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 17:15 - 2009-07-13 21:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 17:14 - 2009-07-13 22:13 - 00780156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 17:11 - 2010-07-07 21:42 - 01909136 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 17:08 - 2013-11-22 17:26 - 00000000 ____D () C:\Users\Emily\AppData\Local\LogMeIn Hamachi
2014-03-13 17:08 - 2013-02-14 22:07 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 17:08 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 17:07 - 2009-07-13 21:51 - 00038241 _____ () C:\Windows\setupact.log
2014-03-13 16:15 - 2014-03-13 16:15 - 00030701 _____ () C:\Users\Emily\Desktop\attach.txt
2014-03-13 16:15 - 2014-03-13 16:15 - 00017840 _____ () C:\Users\Emily\Desktop\dds.txt
2014-03-13 16:12 - 2014-03-13 16:12 - 00688992 ____R (Swearware) C:\Users\Emily\Desktop\dds.com
2014-03-13 16:08 - 2012-04-11 00:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 14:36 - 2010-07-07 22:14 - 00169198 _____ () C:\Windows\PFRO.log
2014-03-12 23:12 - 2014-03-08 21:48 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\uTorrent
2014-03-12 15:42 - 2012-08-14 16:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 01:56 - 2014-03-12 01:56 - 00276168 _____ () C:\Windows\Minidump\031214-40154-01.dmp
2014-03-12 01:56 - 2011-09-06 09:11 - 278549125 _____ () C:\Windows\MEMORY.DMP
2014-03-12 01:56 - 2011-09-06 09:11 - 00000000 ____D () C:\Windows\Minidump
2014-03-12 01:45 - 2014-03-12 01:45 - 00003318 _____ () C:\Windows\System32\Tasks\{6867A5E2-85EC-4AFD-A851-959DAEBA2008}
2014-03-12 01:41 - 2014-03-09 16:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-12 01:38 - 2014-02-03 01:00 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Skype
2014-03-12 00:42 - 2009-07-13 22:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 00:41 - 2014-03-12 00:41 - 00276168 _____ () C:\Windows\Minidump\031214-17378-01.dmp
2014-03-12 00:28 - 2014-03-12 00:28 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-12 00:21 - 2014-03-12 00:20 - 24677393 _____ () C:\Users\Emily\Downloads\vlc-2.1.3-win32.exe
2014-03-12 00:16 - 2014-03-12 00:16 - 00000000 __RHD () C:\Users\Emily\AppData\Roaming\SecuROM
2014-03-12 00:08 - 2012-04-11 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 00:08 - 2012-04-11 00:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 00:08 - 2012-01-15 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:57 - 2014-03-11 21:57 - 00000219 _____ () C:\Users\Emily\Desktop\Left 4 Dead 2.url
2014-03-11 21:47 - 2014-03-11 21:47 - 00000222 _____ () C:\Users\Emily\Desktop\Hammerwatch.url
2014-03-11 21:38 - 2014-03-11 21:38 - 00000222 _____ () C:\Users\Emily\Desktop\FTL Faster Than Light.url
2014-03-11 20:11 - 2014-03-11 20:11 - 00000220 _____ () C:\Users\Emily\Desktop\Sid Meier's Civilization IV.url
2014-03-11 20:05 - 2009-07-13 21:45 - 00267944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 20:03 - 2013-03-26 00:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-11 20:03 - 2013-03-26 00:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 18:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-09 18:18 - 2011-09-15 18:20 - 00766068 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-09 18:15 - 2013-08-15 00:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-09 18:13 - 2013-02-15 04:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 18:13 - 2011-09-15 15:48 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-09 18:13 - 2011-08-28 12:42 - 00000000 ____D () C:\ProgramData\Skype
2014-03-09 16:00 - 2014-03-09 16:00 - 00000969 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-03-09 15:59 - 2014-03-09 15:59 - 01141680 _____ () C:\Users\Emily\Downloads\SteamSetup.exe
2014-03-09 15:58 - 2013-11-22 17:24 - 00000000 ____D () C:\Users\Emily
2014-03-09 00:12 - 2014-03-09 00:12 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\NitroplusCHiRAL
2014-03-09 00:11 - 2014-03-09 00:07 - 00000000 ____D () C:\Users\Emily\Desktop\DMMD
2014-03-09 00:11 - 2014-03-09 00:03 - 00000000 ____D () C:\Users\Emily\AppData\Local\Adobe
2014-03-09 00:06 - 2014-03-09 00:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-09 00:06 - 2013-06-02 13:23 - 00000928 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-03-09 00:05 - 2013-11-22 17:26 - 00058016 _____ () C:\Users\Emily\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 00:05 - 2012-08-05 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-09 00:03 - 2013-11-22 17:25 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Adobe
2014-03-08 23:54 - 2014-03-08 22:46 - 3193578582 ____R () C:\Users\Emily\Downloads\DMMR-2.zip
2014-03-08 23:42 - 2014-02-03 00:57 - 00000000 ____D () C:\Users\Emily\AppData\Local\Mozilla
2014-03-08 23:38 - 2013-11-22 17:25 - 00000000 ____D () C:\Users\Emily\AppData\Local\VirtualStore
2014-03-08 23:26 - 2010-07-07 22:13 - 00001858 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-03-08 22:49 - 2014-03-08 21:54 - 3171096630 ____R () C:\Users\Emily\Downloads\(18禁ゲーム)[Nitro+ CHiRAL] DRAMAtical Murder..zip
2014-03-08 22:39 - 2014-03-08 22:24 - 22319750 _____ () C:\Users\Emily\Downloads\DMMd - Patches.zip
2014-03-08 22:21 - 2014-03-08 22:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 21:51 - 2014-03-08 21:50 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\DAEMON Tools Lite
2014-03-08 21:49 - 2014-03-08 21:48 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-03-08 20:59 - 2014-03-08 20:59 - 01977432 _____ () C:\Users\Emily\Downloads\winrar-x64-501.exe
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\WinRAR
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-08 20:59 - 2014-03-08 20:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-08 20:55 - 2014-03-08 20:55 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\SoftGrid Client
2014-03-08 20:54 - 2014-03-08 20:54 - 01769680 _____ () C:\Users\Emily\Downloads\wrar501.exe
2014-03-08 20:45 - 2014-03-08 20:45 - 00000000 ____D () C:\Users\Emily\AppData\Roaming\Macromedia
2014-03-08 20:45 - 2014-03-08 20:45 - 00000000 ____D () C:\Users\Emily\AppData\Local\Macromedia
2014-03-08 20:40 - 2013-02-14 22:08 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 20:36 - 2014-03-08 20:36 - 00003100 _____ () C:\Windows\System32\Tasks\P4G Sidebar
2014-03-08 20:23 - 2013-02-14 22:07 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-08 20:23 - 2013-02-14 22:07 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-28 23:05 - 2014-03-11 17:16 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-11 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-11 17:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-11 17:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-11 17:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-11 17:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-11 17:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-11 17:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-11 17:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-11 17:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-11 17:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-11 17:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-11 17:16 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-11 17:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-11 17:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-11 17:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-11 17:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-11 17:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-11 17:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-11 17:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-11 17:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-11 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-11 17:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-11 17:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-11 17:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-11 17:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-11 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-11 17:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-11 17:16 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-11 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-11 17:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-11 17:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-11 17:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-11 17:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-11 17:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-11 17:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-11 17:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-11 17:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-11 17:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-11 17:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Emily\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Emily\AppData\Local\Temp\drm_dyndata_7330014.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 18:07

==================== End Of Log ============================

 

Addition.txt


Not seeing a great deal wrong with your system regarding malware/infection...

OK, do the following:

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

Finally,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double-click SecurityCheck.exe (Vista or Windows 7 users right-click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document called checkup.txt should open automatically; please post the contents of that document.

Kevin...

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
