
Help needed with VuuPC Installer popup



Hi!  A friend's computer has MBAM Pro 2.0.1.1004 installed along with Avira AntiVir 2014 (free edition).  Everything's working fine except a VuuPC installer popup window keeps appearing.  It has "Windows Version Installer" at the top of the popup window and when I inspect the process in task manager, it's identified as the "vuupc installer" running from a ".tmp" file.

 

I downloaded DDS and ran it on the system and was eventually shown a "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." message and DDS doesn't run.

This is a laptop running Windows 8.1 64-bit.   So, I can't generate the DDS logs as instructed in the post on how to request assistance.

 

What else can I do to get this assistance process started?

 

Thanks!

 

Peace...


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to run RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the reply!  I tried running DDS again and received the same message as before:

 

"DDS is not meant to run in 'Compatibility Mode'. The program shall now exit."

 

So, I can't generate a DDS log.  This is a 64-bit Windows 8.1 system.

 

Attached are the MBAM Pro 2.0.1.1004 and RogueKillerX64 logs.

 

I'll do nothing until I hear back from you.  :)

 

Thanks again!

 

Peace...

 

mbam-pro-threat-scan-log.txt

RKreport0_S_04062014_225604.txt


Oh yeah, I almost forgot to mention.  Right after the above MBAM Pro scan finished, the VuuPC installer popped up again.  This time, it must have tried to actually install something since MBAM blocked a DLL.   The protection log, which contains the block I mentioned just now, is attached to this post.

 

Thanks again!

 

Peace...

mbam-pro-threat-block.txt


Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Ok, here is the AdwCleaner[s0] log:

 


Here is the FRST log:

 

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-07 06:44 - 2014-04-07 06:45 - 00000000 ____D () C:\FRST
2014-04-07 06:42 - 2014-04-07 06:45 - 00000000 ____D () C:\Users\MarthaJane\Desktop\FRST
2014-04-07 06:36 - 2014-04-07 06:40 - 00000000 ____D () C:\AdwCleaner
2014-04-07 06:34 - 2014-04-07 06:34 - 01426178 _____ () C:\Users\MarthaJane\Desktop\AdwCleaner.exe
2014-04-06 23:11 - 2014-04-06 23:11 - 00004368 _____ () C:\Users\MarthaJane\Desktop\mbam-pro-threat-block.txt
2014-04-06 22:57 - 2014-04-06 22:57 - 00000794 _____ () C:\WINDOWS\setupact.log
2014-04-06 22:57 - 2014-04-06 22:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-06 22:56 - 2014-04-06 22:59 - 00048121 _____ () C:\Users\MarthaJane\Desktop\RKreport[0]_S_04062014_225604.txt
2014-04-06 22:48 - 2014-04-06 22:56 - 00000000 ____D () C:\Users\MarthaJane\Desktop\RK_Quarantine
2014-04-06 22:44 - 2014-04-06 22:44 - 00000017 _____ () C:\Users\MarthaJane\AppData\Local\resmon.resmoncfg
2014-04-06 22:42 - 2014-04-06 22:42 - 04527616 _____ () C:\Users\MarthaJane\Desktop\RogueKillerX64.exe
2014-04-06 22:41 - 2014-04-06 22:41 - 00688992 _____ (Swearware) C:\Users\MarthaJane\Desktop\dds.scr
2014-04-06 14:09 - 2014-04-06 22:45 - 00001150 _____ () C:\Users\MarthaJane\Desktop\Continue VuuPC Installation.lnk
2014-04-06 13:32 - 2014-04-06 13:32 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-06 13:32 - 2014-04-06 13:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-06 13:31 - 2014-04-06 13:31 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\MarthaJane\Downloads\avira_en_av___ws.exe
2014-04-06 13:20 - 2014-04-06 13:20 - 00000674 _____ () C:\WINDOWS\PFRO.log
2014-04-06 07:30 - 2014-04-07 06:40 - 00085708 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-06 07:30 - 2014-04-06 07:31 - 45369232 _____ ( ) C:\Users\MarthaJane\Downloads\ASUS.123625(7.0.0)_A_P2G130104-01_Normal.exe
2014-04-05 14:45 - 2014-04-05 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\MarthaJane\Downloads\ccsetup412.exe
2014-04-05 14:06 - 2014-04-05 14:06 - 04118888 _____ () C:\Users\MarthaJane\Downloads\tdsskiller.zip
2014-04-05 14:05 - 2014-04-05 14:05 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\MarthaJane\Downloads\tdsskiller.exe
2014-04-05 10:50 - 2014-04-05 10:51 - 00003368 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 10:50 - 2014-04-05 10:51 - 00003316 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 10:49 - 2014-04-05 10:49 - 00201800 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2014-04-05 09:12 - 2014-04-07 06:42 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 09:11 - 2014-04-05 09:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 09:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-05 09:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-05 09:10 - 2014-04-05 09:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\MarthaJane\Downloads\mbam-setup-2.0.1.1004.exe
2014-03-31 17:50 - 2014-02-22 05:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-31 17:50 - 2014-02-22 04:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\fastcleanpro
2014-03-31 09:12 - 2014-03-31 09:12 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\IsolatedStorage
2014-03-25 07:37 - 2014-03-25 07:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iTunes
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iPod
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-25 07:31 - 2014-03-25 07:31 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-25 07:31 - 2014-03-25 07:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-19 11:05 - 2014-04-05 10:46 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-03-17 21:25 - 2014-03-17 21:25 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-14 14:23 - 2013-10-30 17:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-14 14:23 - 2013-10-30 17:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-14 14:22 - 2013-10-30 17:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 22:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 22:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 22:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 22:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 22:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 22:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 22:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 22:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 22:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 22:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 22:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 22:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 22:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 22:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 22:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 22:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 22:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 22:14 - 2014-02-10 20:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 22:14 - 2014-02-10 19:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 22:14 - 2014-02-10 19:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 22:14 - 2014-01-31 09:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 22:14 - 2014-01-31 09:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 22:14 - 2014-01-31 09:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 22:14 - 2014-01-31 06:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 22:14 - 2014-01-31 02:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 22:14 - 2014-01-29 02:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 22:14 - 2014-01-29 01:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 22:14 - 2014-01-29 01:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 22:14 - 2014-01-29 01:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 22:14 - 2014-01-29 01:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 22:14 - 2014-01-29 00:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 22:14 - 2014-01-29 00:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 22:14 - 2014-01-29 00:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 22:14 - 2014-01-28 23:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 22:14 - 2014-01-28 17:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 22:14 - 2014-01-27 12:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 22:14 - 2014-01-27 12:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 22:14 - 2014-01-27 12:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 22:14 - 2014-01-27 11:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 22:14 - 2014-01-27 11:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 22:14 - 2014-01-27 11:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 22:14 - 2014-01-27 11:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 22:14 - 2014-01-27 11:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 22:14 - 2014-01-27 10:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 22:14 - 2014-01-27 10:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 22:14 - 2014-01-27 10:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 22:14 - 2014-01-27 08:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 22:14 - 2014-01-27 08:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 22:14 - 2014-01-27 04:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 22:14 - 2014-01-17 16:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 22:14 - 2014-01-17 14:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 22:14 - 2013-12-21 07:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 22:14 - 2013-12-21 01:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 22:14 - 2013-12-20 03:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 22:14 - 2013-12-20 03:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-11 02:01 - 2014-03-28 16:38 - 01172776 _____ (AnyProtect.com) C:\Users\MarthaJane\AppData\Local\AnyProtectScannerSetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 06:45 - 2014-04-07 06:44 - 00000000 ____D () C:\FRST
2014-04-07 06:45 - 2014-04-07 06:42 - 00000000 ____D () C:\Users\MarthaJane\Desktop\FRST
2014-04-07 06:44 - 2013-04-10 19:03 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-07 06:43 - 2014-02-11 12:14 - 00004986 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARTHA-MarthaJane Martha
2014-04-07 06:43 - 2013-04-10 19:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 06:43 - 2013-02-20 22:00 - 00000000 __RDO () C:\Users\MarthaJane\SkyDrive
2014-04-07 06:43 - 2013-02-16 22:56 - 00000380 _____ () C:\Users\MarthaJane\AppData\Roaming\sp_data.sys
2014-04-07 06:42 - 2014-04-05 09:12 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 06:42 - 2014-02-24 23:44 - 00165659 _____ () C:\MyXML.xml
2014-04-07 06:41 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 06:40 - 2014-04-07 06:36 - 00000000 ____D () C:\AdwCleaner
2014-04-07 06:40 - 2014-04-06 07:30 - 00085708 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 06:40 - 2013-08-22 06:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-07 06:38 - 2013-02-16 23:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-07 06:34 - 2014-04-07 06:34 - 01426178 _____ () C:\Users\MarthaJane\Desktop\AdwCleaner.exe
2014-04-07 06:33 - 2013-02-25 22:19 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA167CE6-ECCF-463F-86D2-9A5134D40BC4}
2014-04-06 23:11 - 2014-04-06 23:11 - 00004368 _____ () C:\Users\MarthaJane\Desktop\mbam-pro-threat-block.txt
2014-04-06 23:01 - 2013-09-29 21:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-06 22:59 - 2014-04-06 22:56 - 00048121 _____ () C:\Users\MarthaJane\Desktop\RKreport[0]_S_04062014_225604.txt
2014-04-06 22:57 - 2014-04-06 22:57 - 00000794 _____ () C:\WINDOWS\setupact.log
2014-04-06 22:57 - 2014-04-06 22:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-06 22:56 - 2014-04-06 22:48 - 00000000 ____D () C:\Users\MarthaJane\Desktop\RK_Quarantine
2014-04-06 22:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-06 22:46 - 2013-04-10 19:02 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 22:45 - 2014-04-06 14:09 - 00001150 _____ () C:\Users\MarthaJane\Desktop\Continue VuuPC Installation.lnk
2014-04-06 22:44 - 2014-04-06 22:44 - 00000017 _____ () C:\Users\MarthaJane\AppData\Local\resmon.resmoncfg
2014-04-06 22:42 - 2014-04-06 22:42 - 04527616 _____ () C:\Users\MarthaJane\Desktop\RogueKillerX64.exe
2014-04-06 22:41 - 2014-04-06 22:41 - 00688992 _____ (Swearware) C:\Users\MarthaJane\Desktop\dds.scr
2014-04-06 22:36 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-06 22:30 - 2013-12-18 17:10 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001UA.job
2014-04-06 13:32 - 2014-04-06 13:32 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-06 13:32 - 2014-04-06 13:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-06 13:32 - 2013-04-07 16:46 - 00000000 ____D () C:\ProgramData\Avira
2014-04-06 13:32 - 2013-04-07 16:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-06 13:31 - 2014-04-06 13:31 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\MarthaJane\Downloads\avira_en_av___ws.exe
2014-04-06 13:20 - 2014-04-06 13:20 - 00000674 _____ () C:\WINDOWS\PFRO.log
2014-04-06 13:20 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-04-06 07:54 - 2013-02-20 21:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-06 07:36 - 2013-02-12 22:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-06 07:31 - 2014-04-06 07:30 - 45369232 _____ ( ) C:\Users\MarthaJane\Downloads\ASUS.123625(7.0.0)_A_P2G130104-01_Normal.exe
2014-04-06 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-04-05 14:45 - 2014-04-05 14:45 - 04787368 _____ (Piriform Ltd) C:\Users\MarthaJane\Downloads\ccsetup412.exe
2014-04-05 14:45 - 2014-02-24 23:52 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-05 14:45 - 2014-02-24 23:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 14:06 - 2014-04-05 14:06 - 04118888 _____ () C:\Users\MarthaJane\Downloads\tdsskiller.zip
2014-04-05 14:05 - 2014-04-05 14:05 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\MarthaJane\Downloads\tdsskiller.exe
2014-04-05 13:55 - 2013-07-29 20:30 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-05 13:55 - 2013-07-29 20:22 - 00000000 ____D () C:\ProgramData\Real
2014-04-05 13:54 - 2013-07-29 20:30 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Real
2014-04-05 10:51 - 2014-04-05 10:50 - 00003368 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 10:51 - 2014-04-05 10:50 - 00003316 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 10:49 - 2014-04-05 10:49 - 00201800 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2014-04-05 10:46 - 2014-03-19 11:05 - 00003346 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 10:46 - 2013-07-29 20:32 - 00003294 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3373378444-1096150452-2535012064-1001
2014-04-05 09:41 - 2013-04-10 19:02 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 09:41 - 2013-04-10 19:02 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-05 09:30 - 2013-12-18 17:10 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core.job
2014-04-05 09:11 - 2014-04-05 09:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 09:11 - 2014-04-05 09:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\MarthaJane\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-05 09:11 - 2013-03-26 20:14 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Malwarebytes
2014-04-05 09:11 - 2013-03-26 20:13 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 09:11 - 2013-03-26 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 09:51 - 2014-04-05 09:11 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 09:11 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-03-26 20:13 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 20:37 - 2013-08-19 00:48 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Intelli-studio
2014-03-31 09:25 - 2013-12-18 17:10 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001UA
2014-03-31 09:25 - 2013-12-18 17:10 - 00003518 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3373378444-1096150452-2535012064-1001Core
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\fastcleanpro
2014-03-31 09:12 - 2014-03-31 09:12 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\IsolatedStorage
2014-03-28 20:04 - 2013-11-10 20:54 - 00000000 ____D () C:\Users\MarthaJane
2014-03-28 17:47 - 2013-04-10 19:00 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\Google
2014-03-28 16:38 - 2014-03-11 02:01 - 01172776 _____ (AnyProtect.com) C:\Users\MarthaJane\AppData\Local\AnyProtectScannerSetup.exe
2014-03-25 07:37 - 2014-03-25 07:37 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iTunes
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files\iPod
2014-03-25 07:37 - 2014-03-25 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-25 07:31 - 2014-03-25 07:31 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-25 07:31 - 2014-03-25 07:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 07:31 - 2013-02-19 12:19 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Apple Computer
2014-03-20 12:13 - 2013-08-12 18:48 - 00049952 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-03-19 19:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-19 14:23 - 2013-02-19 12:18 - 00000000 ____D () C:\Users\MarthaJane\AppData\Local\Apple
2014-03-19 11:00 - 2013-08-22 07:44 - 00538728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-19 10:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 10:54 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 10:54 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 10:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 10:52 - 2013-08-13 22:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 10:49 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-19 10:49 - 2013-02-19 09:56 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 21:25 - 2014-03-17 21:25 - 00000000 ____D () C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-17 21:25 - 2013-12-18 17:10 - 00001277 _____ () C:\Users\MarthaJane\Desktop\Chromecast.lnk
 
Some content of TEMP:
====================
C:\Users\MarthaJane\AppData\Local\Temp\avgnt.exe
C:\Users\MarthaJane\AppData\Local\Temp\lowproc.exe
C:\Users\MarthaJane\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MarthaJane\AppData\Local\Temp\Quarantine.exe
C:\Users\MarthaJane\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 22:14] - [2014-01-31 09:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-04-06 23:16
 
==================== End Of Log ============================
 
Thanks again!   
 
Peace...

Addition.txt


1: Please uninstall DMUninstaller from your Programs and Features.

2: Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

3: Update and run a Threat scan with Malwarebytes, quarantine everything found

4: Use your CCleaner to clean out temp files

5: Let me know how it is, MrC


Ok, I've done everything you instructed. Here is the FIXLOG:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by MarthaJane at 2014-04-07 18:59:44 Run:1
Running from C:\Users\MarthaJane\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.condui...rchSource=45&q={searchTerms}
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
CHR HKCU\...\Chrome\Extension: [bnjeijnddhocimhkpncjbgncnkmdhpjf] - C:\Users\MarthaJane\AppData\Local\CRE\bnjeijnddhocimhkpncjbgncnkmdhpjf.crx [2013-08-24]
CHR HKCU\...\Chrome\Extension: [jcnkjmghmdigcjcajaemenhlleobnhih] - C:\Users\MarthaJane\AppData\Local\CRE\jcnkjmghmdigcjcajaemenhlleobnhih.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\MarthaJane\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [nmaikkamgfhkjbadgihldfmkpngkhgbb] - C:\Users\MarthaJane\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx [2013-09-08]
CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\MarthaJane\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\MarthaJane\AppData\Local\ilividmoviestoolbar181\GC\toolbar.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [bnjeijnddhocimhkpncjbgncnkmdhpjf] - C:\Users\MarthaJane\AppData\Local\CRE\bnjeijnddhocimhkpncjbgncnkmdhpjf.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [jcnkjmghmdigcjcajaemenhlleobnhih] - C:\Users\MarthaJane\AppData\Local\CRE\jcnkjmghmdigcjcajaemenhlleobnhih.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\MarthaJane\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [nmaikkamgfhkjbadgihldfmkpngkhgbb] - C:\Users\MarthaJane\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\MarthaJane\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2013-09-08]
C:\Users\MarthaJane\AppData\Local\Temp\Quarantine.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\MarthaJane\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
Task: {C4C744E1-A3EA-4CA6-8ABC-364074868D50} - \MySearchDial No Task File
 
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08A40B8E-D2AF-4A00-AA04-0861597EFE8E} => Key deleted successfully.
HKCR\CLSID\{08A40B8E-D2AF-4A00-AA04-0861597EFE8E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{938665AA-BD77-46AE-B07B-03F636E4861C} => Key deleted successfully.
HKCR\CLSID\{938665AA-BD77-46AE-B07B-03F636E4861C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4E8EDEC-0F32-415D-BFEF-BC8C4644F641} => Key deleted successfully.
HKCR\CLSID\{C4E8EDEC-0F32-415D-BFEF-BC8C4644F641} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d1dac034-9fd9-4c13-a388-d2e10e57707f} => Value deleted successfully.
HKCR\CLSID\{d1dac034-9fd9-4c13-a388-d2e10e57707f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095} => Key not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\bnjeijnddhocimhkpncjbgncnkmdhpjf => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\bnjeijnddhocimhkpncjbgncnkmdhpjf.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\jcnkjmghmdigcjcajaemenhlleobnhih => Key deleted successfully.
C:\Users\MarthaJane\AppData\Local\CRE\jcnkjmghmdigcjcajaemenhlleobnhih.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\pahlibmflidlfjjalcbfmhocodjolhjp => Key deleted successfully.
C:\Users\MarthaJane\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob => Key deleted successfully.
C:\Users\MarthaJane\AppData\Local\ilividmoviestoolbar181\GC\toolbar.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bnjeijnddhocimhkpncjbgncnkmdhpjf => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\bnjeijnddhocimhkpncjbgncnkmdhpjf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcnkjmghmdigcjcajaemenhlleobnhih => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\jcnkjmghmdigcjcajaemenhlleobnhih.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\nmaikkamgfhkjbadgihldfmkpngkhgbb.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pahlibmflidlfjjalcbfmhocodjolhjp => Key deleted successfully.
"C:\Users\MarthaJane\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx" => File/Directory not found.
"C:\Users\MarthaJane\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\MarthaJane\SkyDrive" => ":ms-properties" ADS not found.
C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_0favicon-2079221766" ADS removed successfully.
C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_1favicon1313128964" ADS removed successfully.
C:\Users\MarthaJane\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_2favicon-2092717923" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4C744E1-A3EA-4CA6-8ABC-364074868D50} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4C744E1-A3EA-4CA6-8ABC-364074868D50} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
 
==== End of Fixlog ====

 

I've also attached the results from the latest MBAM Pro scan.

 

So far, I haven't seen the VuuPC installer popup but I want to give it some time. So, I'll leave the machine on for a few hours and see what happens. So far, so good!  :)
 
Thanks!
 
Peace...

latest-mbam-scan.txt


Good........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Ok, here's the "checkup.txt" file contents:

 

 Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop      
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
The only issue I'm seeing is MBAM isn't updating itself despite it being scheduled to update hourly.  Manual updates work fine but the automatic updates aren't running.  Other than that, the system is running well.
 
Thanks!
 
Peace...

The log looks OK.

Have you downloaded and installed the latest program update for MB?? If not, please do so.

Any problems with Malwarebytes should be addressed here:

https://forums.malwarebytes.org/index.php?showforum=41

----------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
