
Infected - Malwarebytes won't open, Run-time error '372'



Says Run-time error '372':

 

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated.

 

Have run check-disk etc - problem persists. Following instructions, I downloaded and ran Farbar Recovery Scan Tool and got the log; it is copied below.

 

Any help greatly appreciated!

 

c8w

 

-----------------------------------

FRST.txt

 

 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC456C2C5-CB9A-4945-9173-801314EDCF81&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC456C2C5-CB9A-4945-9173-801314EDCF81&q={searchTerms}&SSPV=
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default
FF Homepage: hxxp://www.espncricinfo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2014-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [397360 2009-11-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-11-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-11-24] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-11-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-03-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-11-24] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-15 02:31 - 2014-05-15 02:31 - 00009359 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-15 02:29 - 2014-05-15 02:31 - 00000000 ____D () C:\FRST
2014-05-15 02:28 - 2014-05-15 02:28 - 02066944 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-15 02:23 - 2014-05-15 02:24 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-13 07:02 - 2014-05-13 07:02 - 00023891 _____ () C:\ComboFix.txt
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 03:00 - 2014-04-29 09:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-09 03:00 - 2014-04-29 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-09 03:00 - 2014-04-29 07:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-09 03:00 - 2014-04-29 07:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-09 02:30 - 2014-05-15 02:27 - 00000914 _____ () C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-09 02:30 - 2014-05-15 02:27 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 02:30 - 2014-05-15 02:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-09 02:30 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 02:30 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 01:42 - 2014-05-09 02:09 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 01:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 01:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 23:38 - 2014-05-13 07:02 - 00000000 ____D () C:\Qoobox
2014-05-08 23:37 - 2014-05-09 01:58 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 23:36 - 2014-05-13 06:54 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:39 - 2014-04-29 23:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 20:47 - 2014-05-13 06:53 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:38 - 2014-04-29 20:39 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 01:25 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-27 07:39 - 2014-04-27 07:48 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 07:37 - 2014-04-27 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 07:36 - 2014-04-13 21:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-27 07:36 - 2014-04-13 21:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-27 07:22 - 2014-04-27 07:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\c8w\Downloads\mbar-1.07.0.1009.exe
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 02:28 - 2014-04-25 02:28 - 764906552 _____ () C:\Windows\MEMORY.DMP
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-21 23:08 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 23:08 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 23:08 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 23:08 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 23:08 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 23:08 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 23:08 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 23:08 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 23:08 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 23:08 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 23:08 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 23:08 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 03:11 - 2014-04-19 13:13 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 18:17 - 2014-04-18 18:17 - 00000304 _____ () C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
2014-04-18 16:46 - 2014-04-18 16:47 - 00000000 ____D () C:\1ecf0e8d619db79d924a814a19688e

==================== One Month Modified Files and Folders =======

2014-05-15 02:31 - 2014-05-15 02:31 - 00009359 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-15 02:31 - 2014-05-15 02:29 - 00000000 ____D () C:\FRST
2014-05-15 02:28 - 2014-05-15 02:28 - 02066944 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-15 02:27 - 2014-05-09 02:30 - 00000914 _____ () C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 02:27 - 2014-05-09 02:30 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 02:27 - 2014-05-09 02:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-15 02:24 - 2014-05-15 02:23 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-15 02:06 - 2014-04-04 09:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 02:06 - 2014-02-24 18:03 - 01053601 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 01:33 - 2014-02-25 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 18:15 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 18:15 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:07 - 2014-04-04 09:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 18:07 - 2009-11-24 13:01 - 00141344 _____ () C:\Windows\PFRO.log
2014-05-14 18:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 18:07 - 2009-07-13 23:51 - 00038354 _____ () C:\Windows\setupact.log
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-14 08:21 - 2014-03-29 01:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 07:02 - 2014-05-13 07:02 - 00023891 _____ () C:\ComboFix.txt
2014-05-13 07:02 - 2014-05-08 23:38 - 00000000 ____D () C:\Qoobox
2014-05-13 07:01 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 06:54 - 2014-05-08 23:36 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-13 06:53 - 2014-04-29 20:47 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 02:30 - 2014-02-25 13:32 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Malwarebytes
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 02:09 - 2014-05-09 01:42 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:58 - 2014-05-08 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-04-30 14:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 01:06 - 2009-11-24 12:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:39 - 2014-04-29 23:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 22:31 - 2014-02-25 14:13 - 00000000 ____D () C:\Users\c8w\Desktop\mbar
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 20:39 - 2014-04-29 20:38 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 09:01 - 2014-05-09 03:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 08:40 - 2014-05-09 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 07:48 - 2014-05-09 03:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 07:34 - 2014-05-09 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 07:32 - 2014-04-29 01:25 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 07:32 - 2014-03-13 12:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\ProgramData\Norton
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-04-29 07:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-29 06:05 - 2014-02-24 17:27 - 00000000 ____D () C:\Users\c8w\AppData\Local\Cyberlink
2014-04-29 06:04 - 2009-11-24 13:02 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-29 05:52 - 2014-02-24 17:12 - 00000000 ____D () C:\Users\c8w
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-28 22:31 - 2014-02-25 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-27 07:48 - 2014-04-27 07:39 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 07:37 - 2014-04-27 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 07:23 - 2014-04-27 07:22 - 12589848 _____ (Malwarebytes Corp.) C:\Users\c8w\Downloads\mbar-1.07.0.1009.exe
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 04:25 - 2009-11-24 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-25 02:28 - 2014-04-25 02:28 - 764906552 _____ () C:\Windows\MEMORY.DMP
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-22 00:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 13:13 - 2014-04-19 03:11 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-19 13:13 - 2009-07-14 00:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 22:53 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-18 18:17 - 2014-04-18 18:17 - 00000304 _____ () C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
2014-04-18 16:47 - 2014-04-18 16:46 - 00000000 ____D () C:\1ecf0e8d619db79d924a814a19688e
2014-04-17 06:30 - 2009-11-24 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2009-11-24 12:16

==================== End Of Log ============================


Hello

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

I see you've recently used Combofix; can you post its log? It will be here: C:\Combofix.txt

 

Also need second log from FRST, addition.txt. Will be in this folder C.\FRST\Logs

 

Kevin

 

Kevin


I think it's gotten worse. I tried to run Combofix again to generate a new file, and it didn't work. However, I am attaching the addition.txt, and also the Combofix I tried a few days ago (found it in C:/Qoobox...

 

Thanks.

 

c8w

 

-------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by c8w at 2014-05-15 02:31:25
Running from C:\Users\c8w\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-05-2014 07:38:13 ComboFix created restore point
09-05-2014 08:00:11 Windows Update
12-05-2014 09:30:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-05-09 01:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {181494F2-268E-46C5-94B0-0EAD8F849A10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated)
Task: {1D0E0BF6-EC91-46EF-A1C9-7590050454EA} - System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {220EC111-1046-423E-996B-5F2A74CB3047} - System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23} => Chrome.exe
Task: {246547AB-E353-4CC6-A263-0467834E3DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {292A5730-8337-454F-856D-38CCAFD40527} - System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189} => Chrome.exe
Task: {33608DEB-E373-4D7C-88E6-522D0F385030} - System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {3F7B7FD7-3721-4E39-9685-6FB7BF698116} - System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD} => Chrome.exe
Task: {6619630B-E22C-49DB-9FF1-DD4ED7D3EF84} - System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA} => Chrome.exe
Task: {739F9502-CC58-47D5-97E9-ECACF8C5DD8B} - System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {78C2D2A7-CAF7-41B7-9662-DB1C52B9177D} - System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC} => Chrome.exe
Task: {794DF342-A4C6-4DD0-835D-6E5E39BA825F} - System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187} => Chrome.exe
Task: {A2467B78-CC20-4B3C-9781-9337BFE1439C} - System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {A28DAA3A-E310-4C48-ACC4-03B4ABB40B8F} - System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {AD87A770-3E2F-4BBF-B9AC-A938FA2725EA} - System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A} => Chrome.exe
Task: {C9C09651-9F1B-403C-99A5-109D10D3AC29} - System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B} => Chrome.exe
Task: {CDC0D8B4-4097-486A-80EF-8D345E3C829F} - System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9} => Chrome.exe
Task: {FCCD2E95-A852-493A-AA70-844B1E59597D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-12-13 21:19 - 2009-12-09 04:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-03-29 01:55 - 2014-03-29 01:55 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 22:33 - 2014-03-11 22:33 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Audio Device
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 02:27:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:27:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:27:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x914
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (05/15/2014 02:10:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:10:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:10:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 02:10:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 9.1.0.163, time stamp: 0x49a88f00
Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddbf3
Exception code: 0x40000015
Fault offset: 0x000046b4
Faulting process id: 0x5f8
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3

Error: (05/12/2014 04:41:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/12/2014 04:41:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.


System errors:
=============
Error: (05/15/2014 02:27:38 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/15/2014 02:26:25 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/15/2014 02:24:44 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/15/2014 01:29:29 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/15/2014 01:25:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/14/2014 06:12:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/14/2014 06:10:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated with the following error:
%%-2146893799

Error: (05/14/2014 06:10:25 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070002

Error: (05/14/2014 06:10:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/14/2014 06:10:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-09 01:57:21.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-09 01:57:21.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 

-------------------

 

ComboFix 14-05-13.01 - c8w 05/13/2014   6:57.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6007.4832 [GMT -5:00]
Running from: c:\users\c8w\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-13 to 2014-05-13  )))))))))))))))))))))))))))))))
.
.
2014-05-13 12:01 . 2014-05-13 12:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-13 11:53 . 2014-05-13 11:53    --------    d-----w-    C:\fdcdfcc7cad6ac3b7c420ba9daac
2014-05-13 10:36 . 2014-05-10 07:12    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD0D580B-6402-410D-814A-3677FFE8864C}\gapaengine.dll
2014-05-13 10:36 . 2014-04-16 08:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D693AF6-354C-434C-9A5D-7331A0BCCE75}\mpengine.dll
2014-05-12 09:31 . 2014-04-16 08:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-10 07:13 . 2014-05-10 07:12    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-10 07:13 . 2014-05-10 07:12    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A2C193B-33E6-4D61-821F-99D512A5DD60}\gapaengine.dll
2014-05-09 21:37 . 2014-05-09 21:37    --------    d-----w-    C:\found.003
2014-05-09 08:00 . 2014-04-29 14:01    23547904    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-09 08:00 . 2014-04-29 13:40    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-09 08:00 . 2014-04-29 12:34    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-09 07:30 . 2014-05-09 07:30    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-09 07:30 . 2014-04-03 14:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-09 07:30 . 2014-04-03 14:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-09 07:05 . 2014-04-17 10:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{83408181-1F82-40FB-A886-E75944EBD01B}\mpengine.dll
2014-04-30 00:34 . 2014-04-30 00:34    --------    d-----w-    C:\Mozilla
2014-04-30 00:19 . 2014-04-30 00:19    --------    d-----w-    C:\Malwarebytes
2014-04-29 08:20 . 2014-04-30 01:42    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-04-29 08:20 . 2014-04-30 01:42    --------    d-----w-    c:\program files\Microsoft Security Client
2014-04-29 06:25 . 2014-04-29 12:32    --------    d-----w-    c:\programdata\Intel
2014-04-29 05:32 . 2014-04-29 05:32    --------    d-----w-    c:\users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-29 02:32 . 2014-04-30 03:42    --------    d-----w-    c:\users\c8w\AppData\Local\ElevatedDiagnostics
2014-04-29 02:31 . 2014-04-30 05:17    --------    d-----w-    c:\users\c8w\AppData\Local\Diagnostics
2014-04-27 12:37 . 2014-04-27 12:37    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-27 12:36 . 2014-04-14 02:24    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-27 12:36 . 2014-04-14 02:19    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-27 08:29 . 2014-04-27 08:29    --------    d-sh--w-    c:\users\c8w\AppData\Local\EmieUserList
2014-04-27 08:29 . 2014-04-27 08:29    --------    d-sh--w-    c:\users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:17 . 2014-04-26 22:17    --------    d-----w-    C:\found.002
2014-04-19 08:10 . 2014-04-19 08:10    --------    d-----w-    c:\windows\Migration
2014-04-18 21:46 . 2014-04-18 21:47    --------    d-----w-    C:\1ecf0e8d619db79d924a814a19688e
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 01:53 . 2014-02-26 20:08    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-04-04 14:48 . 2014-02-25 21:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 14:48 . 2014-02-25 21:17    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-03 14:50 . 2014-02-25 18:32    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-31 14:35 . 2014-02-25 21:19    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-14 20:48 . 2014-03-14 20:48    561800    ----a-w-    c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
2014-03-13 17:36 . 2014-03-13 17:36    172592    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-03-11 14:52 . 2014-03-11 14:52    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:44 . 2014-04-11 00:12    362496    ----a-w-    c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-11 00:12    243712    ----a-w-    c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-11 00:12    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-11 00:12    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-11 00:12    1163264    ----a-w-    c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-11 00:12    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-11 00:12    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-11 00:12    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-11 00:12    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-11 00:12    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-11 00:12    2048    ----a-w-    c:\windows\SysWow64\user.exe
2014-03-02 09:03 . 2014-03-02 09:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-03-02 09:03 . 2014-03-02 09:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-03-02 09:03 . 2014-03-02 09:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-02 09:03 . 2014-03-02 09:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-02 09:03 . 2014-03-02 09:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-03-02 09:03 . 2014-03-02 09:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-03-02 09:03 . 2014-03-02 09:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-03-02 09:03 . 2014-03-02 09:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-03-02 09:03 . 2014-03-02 09:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-03-02 09:03 . 2014-03-02 09:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-03-02 09:03 . 2014-03-02 09:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-03-02 09:03 . 2014-03-02 09:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-03-02 09:03 . 2014-03-02 09:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-03-02 09:03 . 2014-03-02 09:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-03-02 09:03 . 2014-03-02 09:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-03-02 09:03 . 2014-03-02 09:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-03-02 09:03 . 2014-03-02 09:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-03-02 09:03 . 2014-03-02 09:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-03-02 09:03 . 2014-03-02 09:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-03-02 09:03 . 2014-03-02 09:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-03-02 09:03 . 2014-03-02 09:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-03-02 09:03 . 2014-03-02 09:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-03-02 09:03 . 2014-03-02 09:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-03-02 09:03 . 2014-03-02 09:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-03-02 09:03 . 2014-03-02 09:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-03-02 09:03 . 2014-03-02 09:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-03-02 09:03 . 2014-03-02 09:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-03-02 09:03 . 2014-03-02 09:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-03-02 09:03 . 2014-03-02 09:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-03-02 09:03 . 2014-03-02 09:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-03-02 09:03 . 2014-03-02 09:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-03-02 09:03 . 2014-03-02 09:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-03-02 09:03 . 2014-03-02 09:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-03-02 09:03 . 2014-03-02 09:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-03-02 09:03 . 2014-03-02 09:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-03-02 09:03 . 2014-03-02 09:03    413696    ----a-w-    c:\windows\system32\html.iec
2014-03-02 09:03 . 2014-03-02 09:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-02 09:03 . 2014-03-02 09:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-03-02 09:03 . 2014-03-02 09:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-03-02 09:03 . 2014-03-02 09:03    235520    ----a-w-    c:\windows\system32\url.dll
2014-03-02 09:03 . 2014-03-02 09:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-03-02 09:03 . 2014-03-02 09:03    147968    ----a-w-    c:\windows\system32\occache.dll
2014-03-02 09:03 . 2014-03-02 09:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-03-02 09:03 . 2014-03-02 09:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-03-02 09:03 . 2014-03-02 09:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-03-02 09:03 . 2014-03-02 09:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-03-02 09:03 . 2014-03-02 09:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-03-01 09:19 . 2014-03-01 09:19    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-03-01 09:19 . 2014-03-01 09:19    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-03-01 09:19 . 2014-03-01 09:19    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-03-01 09:19 . 2014-03-01 09:19    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-01 09:19 . 2014-03-01 09:19    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-03-01 09:19 . 2014-03-01 09:19    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-03-01 09:19 . 2014-03-01 09:19    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2014-03-01 09:19 . 2014-03-01 09:19    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2014-03-01 09:19 . 2014-03-01 09:19    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-03-01 09:19 . 2014-03-01 09:19    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2014-03-01 09:19 . 2014-03-01 09:19    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-03-01 09:19 . 2014-03-01 09:19    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-01 09:19 . 2014-03-01 09:19    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-03-01 09:19 . 2014-03-01 09:19    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2014-03-01 09:19 . 2014-03-01 09:19    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-01 09:19 . 2014-03-01 09:19    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-03-01 09:19 . 2014-03-01 09:19    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-24 17:54    750064    ----a-w-    c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-02 8098848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.espncricinfo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-13  07:02:26
ComboFix-quarantined-files.txt  2014-05-13 12:02
ComboFix2.txt  2014-05-09 07:44
ComboFix3.txt  2014-05-09 07:06
.
Pre-Run: 933,890,912,256 bytes free
Post-Run: 933,610,831,872 bytes free
.
- - End Of File - - A800EE53325AB4A715D3C524A51C25D0
A36C5E4F47E84449FF07ED3517B43A31

-------------------

 


You have two security systems installed; that fact will cause major problems for your system. One of those must be uninstalled ASAP....

 

Also, you actually ran CF 3 times. Let me see the first scan; it will be here: C:\QooBox\ComboFix3.txt

 

Also this file: C:\QooBox\ComboFix-quarantined-files.txt

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next.

 

Malwarebytes 2.0, please run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Kevin....

 

 

fixlist.txt


Still having issues - Malwarebytes 2.0 (or Malwarebytes in general) doesn't open/work etc.

 

I am attaching Combofix3.txt. Also attaching the Combofix-quarantined files.

 

I did the Fixlist.txt thing - and am attaching that log as well.

 

After doing FRST and fixlist, I tried to run mbam-setup-2.0.1.1004 from my downloads - to get and run Malwarebytes 2.0. Didn't work, wouldn't let me do it (gives me "The exception unknown software exception (0x40000015) occurred in the application at location 0x6e38d6fd").

 

(I tried running my old Malwarebytes, and that too didn't work - giving me the same old vbalsgrid error).

 

What security system should I uninstall? Let me know and I'll do it. I thought I had disabled most of them at the moment... (I think I have Windows Defender and Microsoft Security Essentials downloaded recently, but disabled - Norton has not been active for a long time, can't get Malwarebytes to run...)

 

c8w

 

---------------Combofix3.txt----------------

 

ComboFix 14-05-07.03 - c8w 05/09/2014   2:38.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6007.4797 [GMT -5:00]
Running from: \\C8W-PC\Users\c8w\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))
.
.
2014-05-09 07:43 . 2014-05-09 07:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-09 07:30 . 2014-05-09 07:30    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-09 07:30 . 2014-04-03 14:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-09 07:30 . 2014-04-03 14:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-09 07:20 . 2014-05-09 07:20    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{83408181-1F82-40FB-A886-E75944EBD01B}\offreg.dll
2014-05-09 07:05 . 2014-04-17 10:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{83408181-1F82-40FB-A886-E75944EBD01B}\mpengine.dll
2014-05-09 06:55 . 2014-04-16 08:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3441C653-F347-496E-9CD3-D68A11A7358D}\mpengine.dll
2014-04-30 01:43 . 2014-04-30 01:43    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D8136E-078F-44AA-A639-7BCC0CB3DF3B}\gapaengine.dll
2014-04-30 01:43 . 2014-04-16 08:22    10651704    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-30 00:34 . 2014-04-30 00:34    --------    d-----w-    C:\Mozilla
2014-04-30 00:19 . 2014-04-30 00:19    --------    d-----w-    C:\Malwarebytes
2014-04-29 08:20 . 2014-04-30 01:42    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-04-29 08:20 . 2014-04-30 01:42    --------    d-----w-    c:\program files\Microsoft Security Client
2014-04-29 06:25 . 2014-04-29 12:32    --------    d-----w-    c:\programdata\Intel
2014-04-29 05:32 . 2014-04-29 05:32    --------    d-----w-    c:\users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-29 02:32 . 2014-04-30 03:42    --------    d-----w-    c:\users\c8w\AppData\Local\ElevatedDiagnostics
2014-04-29 02:31 . 2014-04-30 05:17    --------    d-----w-    c:\users\c8w\AppData\Local\Diagnostics
2014-04-27 12:37 . 2014-04-27 12:37    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-27 12:36 . 2014-04-14 02:24    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-27 12:36 . 2014-04-14 02:19    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-27 08:29 . 2014-04-27 08:29    --------    d-sh--w-    c:\users\c8w\AppData\Local\EmieUserList
2014-04-27 08:29 . 2014-04-27 08:29    --------    d-sh--w-    c:\users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:17 . 2014-04-26 22:17    --------    d-----w-    C:\found.002
2014-04-19 08:10 . 2014-04-19 08:10    --------    d-----w-    c:\windows\Migration
2014-04-18 21:46 . 2014-04-18 21:47    --------    d-----w-    C:\1ecf0e8d619db79d924a814a19688e
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 01:53 . 2014-02-26 20:08    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-04-04 14:48 . 2014-02-25 21:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 14:48 . 2014-02-25 21:17    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-03 14:50 . 2014-02-25 18:32    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-31 14:35 . 2014-02-25 21:19    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-14 20:48 . 2014-03-14 20:48    561800    ----a-w-    c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
2014-03-13 17:36 . 2014-03-13 17:36    172592    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-03-11 14:52 . 2014-03-11 14:52    133928    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-11 00:12    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-03-02 09:03 . 2014-03-02 09:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-03-02 09:03 . 2014-03-02 09:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-03-02 09:03 . 2014-03-02 09:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-02 09:03 . 2014-03-02 09:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-02 09:03 . 2014-03-02 09:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-03-02 09:03 . 2014-03-02 09:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-03-02 09:03 . 2014-03-02 09:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-03-02 09:03 . 2014-03-02 09:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-03-02 09:03 . 2014-03-02 09:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-03-02 09:03 . 2014-03-02 09:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-03-02 09:03 . 2014-03-02 09:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-03-02 09:03 . 2014-03-02 09:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-03-02 09:03 . 2014-03-02 09:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-03-02 09:03 . 2014-03-02 09:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-03-02 09:03 . 2014-03-02 09:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-03-02 09:03 . 2014-03-02 09:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-03-02 09:03 . 2014-03-02 09:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-03-02 09:03 . 2014-03-02 09:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-03-02 09:03 . 2014-03-02 09:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-03-02 09:03 . 2014-03-02 09:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-03-02 09:03 . 2014-03-02 09:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-03-02 09:03 . 2014-03-02 09:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-03-02 09:03 . 2014-03-02 09:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-03-02 09:03 . 2014-03-02 09:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-03-02 09:03 . 2014-03-02 09:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-03-02 09:03 . 2014-03-02 09:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-03-02 09:03 . 2014-03-02 09:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-03-02 09:03 . 2014-03-02 09:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-03-02 09:03 . 2014-03-02 09:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-03-02 09:03 . 2014-03-02 09:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-03-02 09:03 . 2014-03-02 09:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-03-02 09:03 . 2014-03-02 09:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-03-02 09:03 . 2014-03-02 09:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-03-02 09:03 . 2014-03-02 09:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-03-02 09:03 . 2014-03-02 09:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-03-02 09:03 . 2014-03-02 09:03    413696    ----a-w-    c:\windows\system32\html.iec
2014-03-02 09:03 . 2014-03-02 09:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-02 09:03 . 2014-03-02 09:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-03-02 09:03 . 2014-03-02 09:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-03-02 09:03 . 2014-03-02 09:03    235520    ----a-w-    c:\windows\system32\url.dll
2014-03-02 09:03 . 2014-03-02 09:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-03-02 09:03 . 2014-03-02 09:03    147968    ----a-w-    c:\windows\system32\occache.dll
2014-03-02 09:03 . 2014-03-02 09:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-03-02 09:03 . 2014-03-02 09:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-03-02 09:03 . 2014-03-02 09:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-03-02 09:03 . 2014-03-02 09:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-03-02 09:03 . 2014-03-02 09:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-03-01 09:19 . 2014-03-01 09:19    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-03-01 09:19 . 2014-03-01 09:19    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-03-01 09:19 . 2014-03-01 09:19    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-03-01 09:19 . 2014-03-01 09:19    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-03-01 09:19 . 2014-03-01 09:19    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-03-01 09:19 . 2014-03-01 09:19    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-03-01 09:19 . 2014-03-01 09:19    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2014-03-01 09:19 . 2014-03-01 09:19    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2014-03-01 09:19 . 2014-03-01 09:19    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-03-01 09:19 . 2014-03-01 09:19    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-01 09:19 . 2014-03-01 09:19    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2014-03-01 09:19 . 2014-03-01 09:19    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-03-01 09:19 . 2014-03-01 09:19    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-03-01 09:19 . 2014-03-01 09:19    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-03-01 09:19 . 2014-03-01 09:19    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2014-03-01 09:19 . 2014-03-01 09:19    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-01 09:19 . 2014-03-01 09:19    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-03-01 09:19 . 2014-03-01 09:19    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2014-03-01 09:19 . 2014-03-01 09:19    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-03-01 09:19 . 2014-03-01 09:19    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2014-03-01 09:19 . 2014-03-01 09:19    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2014-03-01 09:19 . 2014-03-01 09:19    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2014-03-01 09:19 . 2014-03-01 09:19    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2014-03-01 09:19 . 2014-03-01 09:19    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2014-03-01 09:19 . 2014-03-01 09:19    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2014-03-01 09:19 . 2014-03-01 09:19    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2014-03-01 09:19 . 2014-03-01 09:19    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-28 09:06 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-24 17:54    750064    ----a-w-    c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-02 8098848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.espncricinfo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-09  02:44:28
ComboFix-quarantined-files.txt  2014-05-09 07:44
ComboFix2.txt  2014-05-09 07:06
.
Pre-Run: 934,147,244,032 bytes free
Post-Run: 934,088,531,968 bytes free
.
- - End Of File - - 3F6F33E19B89253A67D34EAEEC685F44
A36C5E4F47E84449FF07ED3517B43A31

 

-----------------combofix-quarantined-files.txt---------------

 

2014-05-09 07:06:06 . 2014-05-09 07:06:06              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-05-09 07:05:28 . 2014-05-13 12:01:50               92 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2014-05-09 07:05:19 . 2014-05-09 07:05:19              230 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-RunOnce-SPReview.reg.dat
2014-05-09 06:55:49 . 2014-05-13 12:00:01            3,944 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-05-09 06:42:12 . 2014-05-13 11:56:54              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-05-09 04:15:13 . 2014-05-09 04:15:13           11,264 ----a-w-  C:\Qoobox\Quarantine\C\Users\c8w\AppData\Local\Temp\nsw2DF4.tmp\System.dll.vir
2013-07-26 22:16:27 . 2013-07-26 22:16:28                9 ----a-w-  C:\Qoobox\Quarantine\C\END.vir
 

 

---------------Fixlog.txt---------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2014
Ran by c8w at 2014-05-15 16:54:42 Run:1
Running from C:\Users\c8w\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Winlogon: [shell]  [0 ] () <=== ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\PROTOCOLS\Handler\symres => Key deleted successfully.
HKCR\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\about => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} => Key deleted successfully.

==== End of Fixlog ====

 

----------------------

 


Having two security systems with AV components is really bad news; even when disabled there will still be issues. Can you remove one of them and keep the other...

 

MSE removal tool available here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

NIS removal tool available here: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=BBE712D734408EDEC825943F03616E6A.4?pvid=f-ho

 

Next,

 

Download mbam-clean.exe from the following link and save it to your desktop:

 

http://www.malwarebytes.org/mbam-clean.exe

 

Now do the following:

 

  • Click on Start and select Control Panel
  • Open Uninstall a Program
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer, very important to do that!!
  • Run mbam-clean.exe
  • It will ask to restart your computer, please allow it to do so, very important!!

 

Next,

 

Please download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post that log


My issues are much worse than anticipated :-(

 

1. Tried to remove Norton (since it's been defunct for a long time)...downloaded the NIS Removal Tool, and tried to run it - would not work. Said it couldn't do it (I think it said file couldn't open etc)

 

2. Then downloaded MSE Removal Tool, and ran that - thought it ran and worked.

 

(BTW, in general when I am downloading and trying to run them, they don't open - box pops up saying "your internet security settings wont allow it to open" etc. So I go to the start button, to computer, to the downloaded files area, and run them from there - and it allows me to run them from there...)

 

3. Then downloaded and saved mbam-clean.exe and saved it. Saved ok.

 

4. Went to Control Panel, tried to "uninstall a program" - wouldn't work. Can't open that itself, can't uninstall...

 

So, I went manually into Program Files etc - and went to Malware Bytes, and uninstalled. Had a couple of versions I think, uninstalled them both. Also went to downloaded files area - and deleted/removed "mbar" etc...

 

5. Then ran MBam-clean.exe - it asked to restart the computer etc.

 

Computer restarted - and on windows restarting, box popped up saying "Microsoft Security Client - an error has occurred in the program during initialization. If this problem continues, please contact your system administrator. Error Code: 0x80070002"

 

I clicked on ok, and continued...

 

6. Double-clicked mbam-setup.exe and tried to get that going...window popped up saying "setup..Runtime Error (at 49-252): External exception E06D7363"

 

Had to click "ok" - on clicking ok, the setup of malwarebytes continued..then window popped up saying "Internal error: expression error "runtime error (at 35:89); External exception E06DE7363

 

And then malwarebytes would not run, with window saying "application error "The exception unknown software exception (0x40000015) occurred in the application at location 0x6ed0d6fd. click on ok to terminate the program"...

 

 

Help :-)

 

 

c8w


See if you can run OTL :-

 

Download OTL from any of the following links and save to your Desktop:

 

http://oldtimer.geekstogo.com/OTL.exe

http://itxassociates.com/OT-Tools/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.scr

 

  • Double click on the OTL icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users <<--Very important
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:
    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

     

     


OK, managed to get OTL to run after some difficulty (I could not cut-n-paste the things you wanted me to type in Custom Scan Box - it wouldn't do it. I typed it in eventually..). Starting the computer was then a bit difficult also - it wouldn't start up right away, went to startup repair which failed etc..but finally windows came back up with a microsoft error warning..)

 

It seems like I *can* cut and paste the files here however...so am including both OTL.txt and Extras.txt below...

 

Thanks.

 

c8w

 

------------------------------

 

OTL logfile created on: 5/16/2014 12:10:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\c8w\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.87 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 80.54% Memory free
11.73 Gb Paging File | 10.50 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 867.95 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
 
Computer Name: C8W-PC | User Name: c8w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/15 20:47:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c8w\Downloads\OTL.exe
PRC - [2014/03/29 01:55:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 01:55:21 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/04/04 09:48:45 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/29 01:55:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/11/24 12:54:50 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/14 15:48:45 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2014/03/13 12:36:20 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 19:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 19:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/11/24 13:00:23 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/11/24 13:00:23 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/11/24 13:00:23 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/11/24 13:00:23 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/11/06 02:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/11/24 13:00:23 | 000,397,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvia64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
 
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.espncricinfo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2014/04/29 07:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/02/25 16:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c8w\AppData\Roaming\Mozilla\Extensions
[2014/03/21 04:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default\extensions
[2014/03/29 01:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:55:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2014/05/09 01:57:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3180FDA-D242-45C2-9093-FA5857FF4F89}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/15 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/15 19:14:02 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/15 19:14:02 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/15 19:14:02 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/15 19:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/15 19:14:02 | 000,000,000 | ---D | C] -- C:\Users\c8w\AppData\Roaming\Malwarebytes
[2014/05/15 16:54:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/15 16:54:16 | 000,000,000 | ---D | C] -- \FRST
[2014/05/15 16:51:07 | 000,000,000 | ---D | C] -- C:\Fixes
[2014/05/15 16:51:07 | 000,000,000 | ---D | C] -- \Fixes
[2014/05/15 16:05:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/05/15 16:05:54 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2014/05/15 14:04:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/05/15 14:04:09 | 000,000,000 | --SD | C] -- \ComboFix
[2014/05/15 03:02:38 | 000,000,000 | ---D | C] -- C:\Screensaver
[2014/05/15 03:02:38 | 000,000,000 | ---D | C] -- \Screensaver
[2014/05/15 03:02:04 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 03:02:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 19:31:37 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 19:31:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/13 07:02:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/05/09 16:37:47 | 000,000,000 | ---D | C] -- C:\found.003
[2014/05/09 16:37:47 | 000,000,000 | ---D | C] -- \found.003
[2014/05/09 01:42:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/05/09 01:42:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/05/09 01:42:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/05/08 23:38:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/08 23:38:04 | 000,000,000 | ---D | C] -- \Qoobox
[2014/05/08 23:37:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/29 19:34:30 | 000,000,000 | ---D | C] -- C:\Mozilla
[2014/04/29 19:34:30 | 000,000,000 | ---D | C] -- \Mozilla
[2014/04/29 19:19:41 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2014/04/29 19:19:41 | 000,000,000 | ---D | C] -- \Malwarebytes
[2014/04/29 03:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/04/29 03:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/04/29 01:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2014/04/29 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
[2014/04/28 21:32:22 | 000,000,000 | ---D | C] -- C:\Users\c8w\AppData\Local\ElevatedDiagnostics
[2014/04/28 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\c8w\AppData\Local\Diagnostics
[2014/04/27 07:37:22 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/27 03:29:17 | 000,000,000 | -HSD | C] -- C:\Users\c8w\AppData\Local\EmieUserList
[2014/04/27 03:29:17 | 000,000,000 | -HSD | C] -- C:\Users\c8w\AppData\Local\EmieSiteList
[2014/04/26 17:17:52 | 000,000,000 | ---D | C] -- C:\found.002
[2014/04/26 17:17:52 | 000,000,000 | ---D | C] -- \found.002
[2014/04/25 02:28:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/04/21 23:08:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/21 23:08:32 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/21 23:08:31 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/21 23:08:19 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/21 23:08:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/21 23:08:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/21 23:08:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/21 23:08:18 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/21 23:08:17 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/21 23:08:17 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/21 23:08:17 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/21 23:08:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/21 23:08:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/21 23:08:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/21 23:08:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/21 23:08:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/21 23:08:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/21 23:08:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/21 23:08:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/21 23:08:15 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/21 23:08:15 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/21 23:08:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/21 23:08:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/21 23:08:14 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/21 23:08:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/21 23:08:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/21 23:08:12 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/21 23:08:12 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/21 23:08:10 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/19 03:10:45 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/18 16:46:23 | 000,000,000 | ---D | C] -- C:\1ecf0e8d619db79d924a814a19688e
[2014/04/18 16:46:23 | 000,000,000 | ---D | C] -- \1ecf0e8d619db79d924a814a19688e
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/16 00:06:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/16 00:06:37 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/15 23:59:11 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/15 23:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/15 23:58:49 | 429,203,455 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/15 23:54:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/15 23:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/15 19:14:04 | 000,000,914 | ---- | M] () -- C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/15 18:41:07 | 000,016,594 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/05/15 18:40:52 | 002,338,700 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008030.006\Cat.DB
[2014/05/13 06:53:47 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/09 01:57:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/09 01:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 01:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/05 22:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 21:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/29 23:31:07 | 000,000,051 | ---- | M] () -- C:\Users\c8w\AppData\Roaming\mbam.context.scan
[2014/04/26 22:12:05 | 000,021,392 | ---- | M] () -- C:\bootsqm.dat
[2014/04/25 02:28:11 | 764,906,552 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/19 13:13:36 | 000,773,536 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/19 13:13:36 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 13:13:36 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 13:13:31 | 000,773,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/18 18:17:11 | 000,000,304 | ---- | M] () -- C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/15 19:14:04 | 000,000,914 | ---- | C] () -- C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/15 18:41:06 | 000,016,594 | ---- | C] () -- C:\FixitRegBackup.reg
[2014/05/15 18:41:06 | 000,016,594 | ---- | C] () -- \FixitRegBackup.reg
[2014/05/09 01:42:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/05/09 01:42:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/05/09 01:42:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/05/09 01:42:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/05/09 01:42:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/04/29 23:31:07 | 000,000,051 | ---- | C] () -- C:\Users\c8w\AppData\Roaming\mbam.context.scan
[2014/04/29 20:47:34 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/04/26 22:12:05 | 000,021,392 | ---- | C] () -- C:\bootsqm.dat
[2014/04/26 22:12:05 | 000,021,392 | ---- | C] () -- \bootsqm.dat
[2014/04/25 02:28:11 | 764,906,552 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/19 03:11:55 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 18:17:11 | 000,000,304 | ---- | C] () -- C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
[2011/12/26 03:50:56 | 000,012,360 | -HS- | C] () -- C:\ProgramData\au28rqra8fv2700kr8366nd3am6oq5t1
[2010/10/14 21:13:07 | 000,010,920 | ---- | C] () -- \aolconnfix.exe
[2010/09/21 21:39:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/25 16:07:04 | 000,000,308 | -H-- | C] () -- \LPCD.DAT
[2009/11/24 12:16:06 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009/10/27 01:36:33 | 000,003,411 | -H-- | C] () -- \E0Z0LP11.MD5
[2007/10/10 14:50:53 | 429,203,455 | -HS- | C] () -- \hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*. /rp /s >
 
< %SYSTEMDRIVE%\*.exe >
[2010/10/14 21:13:07 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
 
< %LOCALAPPDATA%\*.exe >
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >
 

--------------------

 

OTL Extras logfile created on: 5/16/2014 12:10:46 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\c8w\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.87 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 80.54% Memory free
11.73 Gb Paging File | 10.50 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.74 Gb Total Space | 867.95 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
 
Computer Name: C8W-PC | User Name: c8w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1C235-AAB7-46F0-9C40-EE1DA5AEF8BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A27AEA2-8699-473F-8354-F27D29BB0F8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{261DAD5B-1FC3-4DAA-A3F0-EDACB042217A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A33FB67-3A23-44DC-84BB-DAE950A73716}" = lport=445 | protocol=6 | dir=in | app=system |
"{35F90846-5A93-4BB2-B5F3-BEABF2378111}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B26AEBB-539E-4547-B8D6-1C70BB846A7E}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A5FB29A-2B12-40C8-9C40-098992CB4FC3}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E70D465-A40B-4E42-8810-D2EBD13FA18B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B18B211-9A99-4CBB-A475-3D74D69C8CBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C45B319-21A6-4F31-9E9F-F081F855B532}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7F3E0AF8-7C1E-4FDA-9B78-C5343A5E9296}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9789B850-7658-4EB9-ADDF-BA34D06401F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D98FDD1-AB47-4A3A-95E7-B93C4058F146}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2E3D6DE-999F-43D3-9F17-2A929E3A4C34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A361851B-51A9-4038-8EB8-9B9E0BCCE04B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A3B61AE4-D22B-47A8-AF5F-9F1F98096597}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADCC15D3-CBAE-461E-A657-86D482CC65CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B004E41E-3370-4492-9652-AB1582B3F74B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B699BF6B-CCDC-4C2C-81F1-AA47644CB29B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9AE659F-EB4B-4BF9-8F0A-151A25DC9861}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFA81043-1240-4C2C-AE90-3FD9257712E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBEEE08F-D882-4E1E-B55A-3DDEDF931F74}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF832FE0-DFB2-4F5A-8F9E-1AD55C33F0E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F2E23-200C-45A7-95DD-F1EE2A598A7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D4A3F60-0658-485C-9A47-23362B030016}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E030F7F-29E2-41C8-B9B9-9D3B9C39B337}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3EE90CDC-CA17-4410-A4E5-4C5D9FF4DD6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53535960-79CF-4871-AC86-1E7D4ABCFF5C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A543D79-EFDF-4435-BC49-07CBB58ED1E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D32260D-E5A9-48EB-AD59-7DAA9F44A7B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7710B6B3-11CF-4160-9321-6DA14450CA01}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8B45161E-5FAC-43CD-9CED-643BAD4F3BA0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94E7B29D-6ACF-43B2-BA46-86D0825FFB97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DE224FC-22D7-4B96-B3CA-9E7C75D5868D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A292C22B-0B6F-472D-88BA-B9FF876FB33A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A485B53A-2CF6-4919-B993-FF6EF96C87B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AAA2963D-C8D1-41C1-B05B-8D87E1C3C9D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B44D1008-6018-4C41-8FBB-CCD57141986C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C7AF5105-52B7-40D6-8C6A-5351ECC0EED9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8D6AF2B-7081-4EF0-8781-F66A2C41CE1B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9FF1E73-15DF-4D1C-B99E-FC82DFC8ADB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CC0DFD8C-0247-4164-A564-C3F2D926437C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4CA3FC6-3DC8-4DC3-9F5F-5B0FB27D8FE8}" = protocol=6 | dir=out | app=system |
"{D57A57B8-DC2C-48AA-91CD-5FF9A8075F5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D77C3B4D-9ABA-4A79-8D55-A4CBF8A65296}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D9CE3154-2029-4E6B-9DA7-9334F7338BE1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F99081D9-E989-418C-9829-4030DF52A9A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/29/2014 11:47:57 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:47:57 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:48:02 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:48:02 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:48:02 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:50:56 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:50:56 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:50:56 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:50:56 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
Error - 4/29/2014 11:50:56 PM | Computer Name = c8w-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: The keyset is not defined.  .
 
[ System Events ]
Error - 5/13/2014 6:53:06 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:53:11 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:53:20 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:53:50 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:54:18 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:54:27 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:54:36 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 6:54:37 AM | Computer Name = c8w-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
 
Error - 5/13/2014 6:54:51 AM | Computer Name = c8w-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 5/13/2014 7:45:22 AM | Computer Name = c8w-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


Do not see any obvious malware in those logs, NIS and MSE are still very much installed.

 

Re-run OTL by double left click. Vista and Windows 7 users accept the UAC alert, if applicable.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus OTL (:OTL).

    :OTL
    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-3816254454-4028438852-541787986-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Files
    C:\ProgramData\Partner
    C:\ProgramData\au28rqra8fv2700kr8366nd3am6oq5t1
    :Commands
    [emptytemp]
    [createrestorepoint]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

See if you can remove one of the security programs with the following uninstaller

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Program name to highlight that entry.

 

Select Action from the Menu bar, then Uninstall from there follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

 

Next,

 

download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

 

 


 

 

From the main GUI do the following:

 

 

Select Tab 2 and allow it to run Disk check

 

 


 

 

Select Tab 3 and allow it to run SFC

 

 


 

 

Select Tab 4 and Create System Restore Point

 

 


 

 

Select Repairs tab => Click the Start

 

 


 

 

The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...

 

 


 

 

DON'T use the computer while each scan is in progress.

 

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

Kevin..


Ok, did some of those, not able to do others :-(

 

1. Re-ran OTL - it didn't work, said "not responding" (BTW, still am not able to cut-paste in the OTL window, so typed it manually)....but didn't respond.

 

2. So then I tried to do the Geek uninstaller etc - downloaded it, tried to run it to uninstall...it doesn't list any security things other than Malwarebytes. I used it to uninstall Malwarebytes. The others are Adobe, Compatibility pack for 2007 Office, ebay worldwide, Intel matrix Storage manager, Microsoft .NET Framework 4.5.1, Microsoft Choice Guard, Microsoft Office File Validation, Mic.Off Power Point, Mic Off Suite, Mic. Silverlight, Mic. SQL server, Mic. visual C++ (2 of them), Mic. works, MSXML 4.0 (2 of them), Windows Live Sign-in Assistant, Windows Live Sync, Windows Live Upload Tool. That's it. Any of those it would be good to uninstall?

 

3. Then I downloaded Portable Windows Repair (all in one)...The Tweaking.com Windows Repair opened...but when I tried to run it, it doesn't do it - pops up a window that says "Invalid Picture"..

 

So then I retried again, all of it...

 

Second attempt:

 

1. Re-ran OTL...this time it worked! I am attaching the file below

 

2. Re-ran Geek uninstaller etc...still the same - only those programs listed, no other security program listed..

 

3. Re-ran Portable Windows Repair - still the same, doesn't work, says "Invalid picture"...

 

I am attaching the log from OTL below...

 

(BTW, had a thought - a while ago, when my computer was giving me trouble - this was before I couldn't run Malwarebytes, which happened only now - I had considered doing a full reboot...but had found something which said "reboot but save files", so I had done that a couple of times. Is that causing a problem? For example the "uninstall" of Norton, MSE etc - they aren't listing as programs at all right now...could a vestige of it be saved in backup for some reason and not showing up? Just a thought, I don't know...)

 

Thanks...

 

c8w

 

---------------------

 

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_USERS\S-1-5-21-3816254454-4028438852-541787986-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
========== FILES ==========
Folder move failed. C:\ProgramData\Partner scheduled to be moved on reboot.
C:\ProgramData\au28rqra8fv2700kr8366nd3am6oq5t1 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: c8w
->Temp folder emptied: 9972673 bytes
->Temporary Internet Files folder emptied: 38077137 bytes
->FireFox cache emptied: 24094254 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 32104 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1443717 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43265440 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 117.00 mb
 
System Restore Service not available.
 
OTL by OldTimer - Version 3.2.69.0 log created on 05162014_171850
 

-------------------

 


Do not use "Cut" when you use copy functions, highlight the script, select Ctrl and C keys together, or Right click > Copy. Put your cursor into the text field then select Ctrl and V keys or Right click > Paste...

 

I want you to run FRST one more time and post fresh logs, make sure to check mark "Addition" box under optional scan options...


I have actually been trying control-c and control-v to cut/paste previously - and it didn't work...which is why I had to type it up..

 

Ran the FRST again - here are the results (attaching both FRST.txt and Addition.txt)...

 

Thanks. Anything else I can try?

 

c8w

 

-------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by c8w (administrator) on C8W-PC on 16-05-2014 22:40:39
Running from C:\Users\c8w\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3816254454-4028438852-541787986-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default
FF Homepage: hxxp://www.espncricinfo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2014-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [397360 2009-11-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-11-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-11-24] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-11-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-03-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-11-24] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 22:40 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\c8w\Downloads\FRST-OlderVersion
2014-05-16 16:58 - 2014-05-16 16:58 - 00000000 ____D () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio
2014-05-16 16:55 - 2014-05-16 16:55 - 03589534 _____ () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio.zip
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\c8w\Downloads\geek
2014-05-16 16:46 - 2014-05-16 16:46 - 02455055 _____ () C:\Users\c8w\Downloads\geek.zip
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\_OTL
2014-05-16 00:19 - 2014-05-16 00:19 - 00040060 _____ () C:\Users\c8w\Downloads\Extras.Txt
2014-05-16 00:18 - 2014-05-16 00:18 - 00081480 _____ () C:\Users\c8w\Downloads\OTL.Txt
2014-05-15 20:47 - 2014-05-15 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\c8w\Downloads\OTL.exe
2014-05-15 19:14 - 2014-05-16 16:52 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Malwarebytes
2014-05-15 19:11 - 2014-05-15 19:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:03 - 2014-05-15 19:03 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 18:41 - 2014-05-15 18:41 - 00016594 _____ () C:\FixitRegBackup.reg
2014-05-15 18:39 - 2014-05-15 18:39 - 00899584 _____ () C:\Users\c8w\Downloads\MicrosoftFixit50535.msi
2014-05-15 18:34 - 2014-05-15 18:34 - 00869456 _____ () C:\Users\c8w\Downloads\Norton_Removal_Tool.exe
2014-05-15 16:54 - 2014-05-16 22:40 - 00000000 ____D () C:\FRST
2014-05-15 16:51 - 2014-05-15 16:53 - 00000000 ____D () C:\Fixes
2014-05-15 14:04 - 2014-05-15 14:08 - 00000000 ___SD () C:\ComboFix
2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Screensaver
2014-05-15 03:02 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:02 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:02 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:02 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 02:31 - 2014-05-16 22:41 - 00008446 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-15 02:31 - 2014-05-15 02:31 - 00015869 _____ () C:\Users\c8w\Downloads\Addition.txt
2014-05-15 02:29 - 2014-05-15 02:31 - 00000000 ____D () C:\Users\c8w\Downloads\FRST
2014-05-15 02:28 - 2014-05-16 22:40 - 02067456 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-14 19:31 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:31 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 01:42 - 2014-05-09 02:09 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 01:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 01:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 23:38 - 2014-05-15 14:04 - 00000000 ____D () C:\Qoobox
2014-05-08 23:37 - 2014-05-09 01:58 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 23:36 - 2014-05-13 06:54 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 20:47 - 2014-05-13 06:53 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:38 - 2014-04-29 20:39 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 01:25 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-27 07:39 - 2014-04-27 07:48 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 07:37 - 2014-05-15 16:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 02:28 - 2014-04-25 02:28 - 764906552 _____ () C:\Windows\MEMORY.DMP
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-21 23:08 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 23:08 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 23:08 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 23:08 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 23:08 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 23:08 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 23:08 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 23:08 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 23:08 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 23:08 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 23:08 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 23:08 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 03:11 - 2014-04-19 13:13 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 18:17 - 2014-04-18 18:17 - 00000304 _____ () C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
2014-04-18 16:46 - 2014-04-18 16:47 - 00000000 ____D () C:\1ecf0e8d619db79d924a814a19688e

==================== One Month Modified Files and Folders =======

2014-05-16 22:41 - 2014-05-15 02:31 - 00008446 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-16 22:40 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\c8w\Downloads\FRST-OlderVersion
2014-05-16 22:40 - 2014-05-15 16:54 - 00000000 ____D () C:\FRST
2014-05-16 22:40 - 2014-05-15 02:28 - 02067456 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-16 22:33 - 2014-04-04 09:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 22:33 - 2014-02-25 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 22:33 - 2014-02-24 18:03 - 01256113 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 17:27 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 17:27 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 17:20 - 2014-04-04 09:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 17:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 17:19 - 2009-11-24 13:01 - 00145124 _____ () C:\Windows\PFRO.log
2014-05-16 17:19 - 2009-07-13 23:51 - 00038858 _____ () C:\Windows\setupact.log
2014-05-16 16:58 - 2014-05-16 16:58 - 00000000 ____D () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio
2014-05-16 16:55 - 2014-05-16 16:55 - 03589534 _____ () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio.zip
2014-05-16 16:52 - 2014-05-15 19:14 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Malwarebytes
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\c8w\Downloads\geek
2014-05-16 16:46 - 2014-05-16 16:46 - 02455055 _____ () C:\Users\c8w\Downloads\geek.zip
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\_OTL
2014-05-16 09:26 - 2014-02-24 17:12 - 00000000 ____D () C:\Users\c8w
2014-05-16 00:19 - 2014-05-16 00:19 - 00040060 _____ () C:\Users\c8w\Downloads\Extras.Txt
2014-05-16 00:18 - 2014-05-16 00:18 - 00081480 _____ () C:\Users\c8w\Downloads\OTL.Txt
2014-05-15 20:47 - 2014-05-15 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\c8w\Downloads\OTL.exe
2014-05-15 19:12 - 2014-05-15 19:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:03 - 2014-05-15 19:03 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 18:41 - 2014-05-15 18:41 - 00016594 _____ () C:\FixitRegBackup.reg
2014-05-15 18:39 - 2014-05-15 18:39 - 00899584 _____ () C:\Users\c8w\Downloads\MicrosoftFixit50535.msi
2014-05-15 18:34 - 2014-05-15 18:34 - 00869456 _____ () C:\Users\c8w\Downloads\Norton_Removal_Tool.exe
2014-05-15 16:53 - 2014-05-15 16:51 - 00000000 ____D () C:\Fixes
2014-05-15 16:05 - 2014-02-24 17:16 - 00000000 ___RD () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:05 - 2014-02-24 17:16 - 00000000 ___RD () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:03 - 2014-04-27 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 14:08 - 2014-05-15 14:04 - 00000000 ___SD () C:\ComboFix
2014-05-15 14:04 - 2014-05-08 23:38 - 00000000 ____D () C:\Qoobox
2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Screensaver
2014-05-15 03:01 - 2014-02-26 15:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:00 - 2014-02-26 15:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:31 - 2014-05-15 02:31 - 00015869 _____ () C:\Users\c8w\Downloads\Addition.txt
2014-05-15 02:31 - 2014-05-15 02:29 - 00000000 ____D () C:\Users\c8w\Downloads\FRST
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-14 08:21 - 2014-03-29 01:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 07:01 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 06:54 - 2014-05-08 23:36 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-13 06:53 - 2014-04-29 20:47 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 02:09 - 2014-05-09 01:42 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:58 - 2014-05-08 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 01:14 - 2014-05-14 19:31 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 01:11 - 2014-05-14 19:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-05-05 23:40 - 2014-05-15 03:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:17 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:25 - 2014-05-15 03:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:07 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 22:00 - 2014-05-15 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 21:10 - 2014-05-15 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-30 14:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 01:06 - 2009-11-24 12:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 22:31 - 2014-02-25 14:13 - 00000000 ____D () C:\Users\c8w\Desktop\mbar
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 20:39 - 2014-04-29 20:38 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 07:32 - 2014-04-29 01:25 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 07:32 - 2014-03-13 12:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\Users\c8w\Downloads\Norton Internet Security
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\ProgramData\Norton
2014-04-29 07:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-29 06:05 - 2014-02-24 17:27 - 00000000 ____D () C:\Users\c8w\AppData\Local\Cyberlink
2014-04-29 06:04 - 2009-11-24 13:02 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-28 22:31 - 2014-02-25 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-27 07:48 - 2014-04-27 07:39 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 04:25 - 2009-11-24 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-25 02:28 - 2014-04-25 02:28 - 764906552 _____ () C:\Windows\MEMORY.DMP
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-22 00:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 13:13 - 2014-04-19 03:11 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-19 13:13 - 2009-07-14 00:13 - 00773536 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 22:53 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-18 18:17 - 2014-04-18 18:17 - 00000304 _____ () C:\Users\c8w\Desktop\CD Drive - Shortcut.lnk
2014-04-18 16:47 - 2014-04-18 16:46 - 00000000 ____D () C:\1ecf0e8d619db79d924a814a19688e
2014-04-17 06:30 - 2009-11-24 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2009-11-24 12:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by c8w at 2014-05-16 22:41:36
Running from C:\Users\c8w\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-05-2014 07:38:13 ComboFix created restore point
09-05-2014 08:00:11 Windows Update
12-05-2014 09:30:18 Windows Update
15-05-2014 08:00:13 Windows Update
15-05-2014 23:40:41 Installed Microsoft Fix it 50535
16-05-2014 08:00:29 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-05-09 01:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {181494F2-268E-46C5-94B0-0EAD8F849A10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated)
Task: {1D0E0BF6-EC91-46EF-A1C9-7590050454EA} - System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {220EC111-1046-423E-996B-5F2A74CB3047} - System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23} => Chrome.exe
Task: {246547AB-E353-4CC6-A263-0467834E3DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {292A5730-8337-454F-856D-38CCAFD40527} - System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189} => Chrome.exe
Task: {33608DEB-E373-4D7C-88E6-522D0F385030} - System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {3F7B7FD7-3721-4E39-9685-6FB7BF698116} - System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD} => Chrome.exe
Task: {6619630B-E22C-49DB-9FF1-DD4ED7D3EF84} - System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA} => Chrome.exe
Task: {739F9502-CC58-47D5-97E9-ECACF8C5DD8B} - System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {78C2D2A7-CAF7-41B7-9662-DB1C52B9177D} - System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC} => Chrome.exe
Task: {794DF342-A4C6-4DD0-835D-6E5E39BA825F} - System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187} => Chrome.exe
Task: {A2467B78-CC20-4B3C-9781-9337BFE1439C} - System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {A28DAA3A-E310-4C48-ACC4-03B4ABB40B8F} - System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {AD87A770-3E2F-4BBF-B9AC-A938FA2725EA} - System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A} => Chrome.exe
Task: {C9C09651-9F1B-403C-99A5-109D10D3AC29} - System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B} => Chrome.exe
Task: {CDC0D8B4-4097-486A-80EF-8D345E3C829F} - System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9} => Chrome.exe
Task: {FCCD2E95-A852-493A-AA70-844B1E59597D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-12-13 21:19 - 2009-12-09 04:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-03-29 01:55 - 2014-03-29 01:55 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Audio Device
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 05:09:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/16/2014 05:09:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/16/2014 05:09:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/16/2014 05:09:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f04

Start Time: 01cf714c51929ae7

Termination Time: 0

Application Path: C:\Users\c8w\Downloads\OTL.exe

Report Id: 9963f006-dd45-11e3-a028-90fba6482a4e

Error: (05/15/2014 10:54:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 79c

Start Time: 01cf70a9134c2567

Termination Time: 60000

Application Path: C:\Users\c8w\Downloads\OTL.exe

Report Id: 2433a390-dcad-11e3-9d90-90fba6482a4e

Error: (05/15/2014 10:53:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 10:53:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 10:53:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 07:14:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/15/2014 07:14:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.


System errors:
=============
Error: (05/16/2014 10:39:03 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:38:06 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (05/16/2014 10:37:38 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:36:57 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:36:08 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:35:34 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:35:25 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:34:58 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/16/2014 10:34:43 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (05/16/2014 10:34:19 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-09 01:57:21.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-09 01:57:21.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 6007.09 MB
Available physical RAM: 5004.34 MB
Total Pagefile: 12012.37 MB
Available Pagefile: 10687.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:917.74 GB) (Free:867.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 55295E62)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


NIS is disabled and outdated, let's see if we can remove all remnants with FRST....

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.


Next,

 

If your version of Malwarebytes is premium ensure you have license keys saved.....

 

Download and save mbam-clean.exe and save to your desktop from the following:

 

http://www.malwarebytes.org/mbam-clean.exe

 

Now do the following:

 

 

  •   

     

       


  • Click on Start and select Control Panel

     

       


  • Open Uninstall a Program

     

       


  • Uninstall Malwarebytes' Anti-Malware

     

       


  • Restart your computer, very important to do that!!

     

       


  • Run mbam-clean.exe

     

       


  • It will ask to restart your computer, please allow it to do so, very important!!

     

     



 

 

Next,

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Post logs please, also give update on remaining issues or concerns...

Kevin

***Edit... One other point, MSE appears to be still installed, updated but disabled. Can you re-enable realtime protection, see if that works... I attach image for reference..

fixlist.txt


Things are a real mess :-(

1) I did the fixlist as you said, and am attaching. FRST ran etc..

2) I basically can't do anything else you said to. I saved mbam-clean. I went to Control Panels, to uninstall...and it does nothing. I click on uninstall a program - it doesn't do anything on clicking that.

3) I ran mbam-clean. It asked me to re-start. I restarted.

4) Then I tried to download Malwarebytes Anti-Malware as you said. Didn't work. Does a few things, gets started, then stops...box pops up saying "Runtime Error (at 49:252): External Exception E06D7363."

So, I obviously can't run, save logs etc - because it won't get started in the first place!

5) As for MSE...I go to "start" and to Microsoft Security Essentials - won't open, box pops up saying "An error has occurred in the program during initialization. If this problem continues, please contact your system administrator. Error code: 0x80070002"

(I went to "all programs" and tried to open it too - same result as above, same error, won't do it.)

Is there *anything* I can do about this? As you can see, it isn't doing a few of the basic things it should be doing (uninstall etc)..

Am attaching fixlog.txt..

c8w

--------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by c8w at 2014-05-17 21:26:30 Run:2
Running from C:\Users\c8w\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ []
R2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1
R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2014-03-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [397360 2009-11-24] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-11-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-11-24] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-11-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2014-03-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-11-24] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091101.004\EX64.SYS [X]
C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys
C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS
C:\Windows\System32\DRIVERS\SymIMv.sys
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
C:\Program Files (x86)\Norton Internet Security
C:\ProgramData\Norton
C:\Windows\System32\Drivers\NISx64
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
End
*****************

Default URLSearchHook was restored successfully .
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => Value deleted successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ => Moved successfully.
Norton Internet Security => Service deleted successfully.
BHDrvx64 => Unable to stop service
BHDrvx64 => Service deleted successfully.
ccHP => Service stopped successfully.
ccHP => Service deleted successfully.
IDSVia64 => Service stopped successfully.
IDSVia64 => Service deleted successfully.
SRTSP => Service deleted successfully.
SRTSPX => Service stopped successfully.
SRTSPX => Service deleted successfully.
SymEFA => Unable to stop service
SymEFA => Service deleted successfully.
SymEvent => Unable to stop service
SymEvent => Service deleted successfully.
SYMFW => Unable to stop service
SYMFW => Service deleted successfully.
SymIM => Service stopped successfully.
SymIM => Service deleted successfully.
SYMNDISV => Unable to stop service
SYMNDISV => Service deleted successfully.
SYMTDI => Unable to stop service
SYMTDI => Service deleted successfully.
catchme => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys => Moved successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys => Moved successfully.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys => Moved successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS => Moved successfully.
C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS => Moved successfully.
C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS => Moved successfully.
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS => Moved successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS => Moved successfully.
C:\Windows\System32\DRIVERS\SymIMv.sys => Moved successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS => Moved successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS => Moved successfully.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
C:\ProgramData\Norton => Moved successfully.
C:\Windows\System32\Drivers\NISx64 => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
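
Added example, not part of the original post and not FRST's own code: a short Python check over the result lines of a Fixlog like the one above. It groups the outcomes per target and singles out services whose entry was deleted although the service could not be stopped, since such a driver stays loaded until the next boot and the fix should only be judged after the restart. The function name, the report keys and the shortened sample are assumptions made for this illustration.

```python
import re

# Shortened excerpt of the Fixlog result lines posted above.
SAMPLE_FIXLOG = r"""
Norton Internet Security => Service deleted successfully.
BHDrvx64 => Unable to stop service
BHDrvx64 => Service deleted successfully.
ccHP => Service stopped successfully.
ccHP => Service deleted successfully.
SymEFA => Unable to stop service
SymEFA => Service deleted successfully.
catchme => Service deleted successfully.
C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys => Moved successfully.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
C:\ProgramData\Norton => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

# "<target> => <outcome>", target optionally quoted, outcome optionally ending in a period.
RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\s*\.?\s*$')


def triage_fixlog(text):
    """Group Fixlog result lines by target and flag what needs a post-reboot check."""
    # Results follow the echoed fixlist, which is framed by lines of asterisks.
    body = re.split(r"^\*{5,}\s*$", text, flags=re.MULTILINE)[-1]

    outcomes = {}  # target -> list of outcomes, in log order
    for line in body.splitlines():
        m = RESULT.match(line.strip())
        if m:
            outcomes.setdefault(m.group("target"), []).append(m.group("outcome"))

    report = {
        "services_deleted": [],
        "deleted_while_running": [],  # entry removed, driver still loaded until reboot
        "moved": [],
        "not_found": [],
        "other": [],
    }
    for target, results in outcomes.items():
        if "Service deleted successfully" in results:
            report["services_deleted"].append(target)
            if "Unable to stop service" in results:
                report["deleted_while_running"].append(target)
        elif "Moved successfully" in results:
            report["moved"].append(target)
        elif "File/Directory not found" in results:
            report["not_found"].append(target)
        else:
            report["other"].append((target, results))

    report["reboot_flagged"] = "The system needed a reboot" in body
    return report


if __name__ == "__main__":
    for key, value in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```
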

 

 


Ok run the following and see if there is any improvement.....

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter. When finished type exit, tap enter, re-boot your PC.

***Note the space between sfc and /scannow.

To get report, at command prompt type or copy and paste:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

Next,

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

Next,

Download and install CCleaner from here:

http://www.piriform.com/ccleaner/builds Ensure to select Slim version. (No Toolbar)

Run the installer to install the application.
Run CCleaner. default settings are fine
Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied
Close CCleaner and Re-Boot your system

See if MSE will reset and check if Malwarebytes will install...

Kevin
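
Added example, not part of the original post: the findstr step above leaves a file of [SR] lines, and this Python code reads such a file and reports whether every verification batch finished and whether any file was left unrepaired. The function name, the verdict labels and the corruption and repair lines in the samples are constructed for illustration; treating a file as unrepaired when it has a failure line and no later repair line is an assumption of this example.

```python
import re

# One line as kept by findstr from CBS.log: timestamp, level, "CSI", sequence id, tag, message.
# The tag is matched case-insensitively because the log pasted in this thread shows it as "[sR]".
SR_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(\w+)\s+CSI\s+([0-9a-f]{8})\s+\[SR\]\s+(.*)$",
    re.IGNORECASE,
)
VERIFYING = re.compile(r"^Verifying (\d+) ")
QUOTED = re.compile(r'\]"([^"]+)"')  # [l:22{11}]"example.dll" -> example.dll

# First two batches, copied from the sfcdetails.txt posted in this thread.
CLEAN_SAMPLE = """\
2014-05-19 22:43:55, Info                  CSI    00000009 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:43:55, Info                  CSI    0000000a [sR] Beginning Verify and Repair transaction
2014-05-19 22:43:59, Info                  CSI    0000000c [sR] Verify complete
2014-05-19 22:43:59, Info                  CSI    0000000d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:43:59, Info                  CSI    0000000e [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:01, Info                  CSI    00000010 [sR] Verify complete
"""

# Constructed lines (not from the thread): a batch in which one file fails its hash check.
CORRUPT_SAMPLE = """\
2014-05-19 22:44:02, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:02, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-05-19 22:44:03, Info                  CSI    00000017 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-19 22:44:04, Info                  CSI    00000018 [SR] Verify complete
"""

# Constructed line (not from the thread): the same file later restored from the component store.
REPAIR_SAMPLE = (
    "2014-05-19 22:50:00, Info                  CSI    000001c0 [SR] Repairing corrupted file "
    r'[ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store' "\n"
)


def _file_name(msg):
    """Return the last quoted path element of an [SR] message, lower-cased."""
    names = QUOTED.findall(msg)
    return names[-1].lower() if names else None


def triage_sfc(text):
    """Summarise an sfcdetails.txt: batch counts, repaired and unrepaired files, verdict."""
    started = completed = verified = unparsed = pending = 0
    failed, repaired = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            unparsed += 1
            continue
        msg = m.group(4)
        batch = VERIFYING.match(msg)
        if batch:
            started += 1
            pending = int(batch.group(1))
        elif msg.startswith("Verify complete"):
            completed += 1
            verified += pending
            pending = 0
        elif msg.startswith(("Cannot repair member file", "Could not reproject corrupted file")):
            failed.add(_file_name(msg))
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(_file_name(msg))
    failed.discard(None)
    repaired.discard(None)
    unrepaired = failed - repaired

    if started == 0:
        verdict = "no-sfc-data"
    elif unrepaired:
        verdict = "corruption-unrepaired"
    elif completed < started:
        verdict = "scan-incomplete"  # log ends inside a batch: scan interrupted or file truncated
    elif repaired:
        verdict = "corruption-repaired"
    else:
        verdict = "clean"
    return {
        "batches_started": started,
        "batches_completed": completed,
        "components_verified": verified,
        "repaired": sorted(repaired),
        "unrepaired": sorted(unrepaired),
        "unparsed_lines": unparsed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage_sfc(CLEAN_SAMPLE))
    print(triage_sfc(CLEAN_SAMPLE + CORRUPT_SAMPLE))
    print(triage_sfc(CLEAN_SAMPLE + CORRUPT_SAMPLE + REPAIR_SAMPLE))
```
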


Nope, no real improvement...

1) I ran the scannow - will attach the report text..

2) Downloaded the Service Repair tool, and ran etc.

3) Downloaded, installed and ran CCleaner tool.

Then I tried to install Malwarebytes - and it didn't work. Did exactly the same as before - error box, then it kept trying to install further, another couple of error boxes. Then asked to launch Malwarebytes - and when it tried to launch, it failed due to error - and the box popped up asking to terminate. Same as had happened when I tried doing it before...

BTW, I mostly cannot cut-and-paste - even when doing the sfc thing, the cut-paste didn't work, had to type it. Also, I tried to "bookmark" this particular page on my firefox so I'd be able to get to this easier - but bookmarking apparently isn't working either (it didn't show up in the bookmarks at all...)

c8w

SFCdetails...

---------------------

2014-05-19 22:43:55, Info                  CSI    00000009 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:43:55, Info                  CSI    0000000a [sR] Beginning Verify and Repair transaction
2014-05-19 22:43:59, Info                  CSI    0000000c [sR] Verify complete
2014-05-19 22:43:59, Info                  CSI    0000000d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:43:59, Info                  CSI    0000000e [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:01, Info                  CSI    00000010 [sR] Verify complete
2014-05-19 22:44:01, Info                  CSI    00000011 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:01, Info                  CSI    00000012 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:02, Info                  CSI    00000014 [sR] Verify complete
2014-05-19 22:44:02, Info                  CSI    00000015 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:02, Info                  CSI    00000016 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:04, Info                  CSI    00000018 [sR] Verify complete
2014-05-19 22:44:04, Info                  CSI    00000019 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:04, Info                  CSI    0000001a [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:06, Info                  CSI    0000001c [sR] Verify complete
2014-05-19 22:44:06, Info                  CSI    0000001d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:06, Info                  CSI    0000001e [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:09, Info                  CSI    00000020 [sR] Verify complete
2014-05-19 22:44:09, Info                  CSI    00000021 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:09, Info                  CSI    00000022 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:12, Info                  CSI    00000024 [sR] Verify complete
2014-05-19 22:44:12, Info                  CSI    00000025 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:12, Info                  CSI    00000026 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:14, Info                  CSI    00000028 [sR] Verify complete
2014-05-19 22:44:14, Info                  CSI    00000029 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:14, Info                  CSI    0000002a [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:16, Info                  CSI    0000002c [sR] Verify complete
2014-05-19 22:44:17, Info                  CSI    0000002d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:17, Info                  CSI    0000002e [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:19, Info                  CSI    00000030 [sR] Verify complete
2014-05-19 22:44:19, Info                  CSI    00000031 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:19, Info                  CSI    00000032 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:22, Info                  CSI    00000034 [sR] Verify complete
2014-05-19 22:44:22, Info                  CSI    00000035 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:22, Info                  CSI    00000036 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:24, Info                  CSI    00000038 [sR] Verify complete
2014-05-19 22:44:24, Info                  CSI    00000039 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:24, Info                  CSI    0000003a [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:27, Info                  CSI    0000003c [sR] Verify complete
2014-05-19 22:44:27, Info                  CSI    0000003d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:27, Info                  CSI    0000003e [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:32, Info                  CSI    00000041 [sR] Verify complete
2014-05-19 22:44:32, Info                  CSI    00000042 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:32, Info                  CSI    00000043 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:37, Info                  CSI    00000048 [sR] Verify complete
2014-05-19 22:44:38, Info                  CSI    00000049 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:38, Info                  CSI    0000004a [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:41, Info                  CSI    0000004d [sR] Verify complete
2014-05-19 22:44:41, Info                  CSI    0000004e [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:41, Info                  CSI    0000004f [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:45, Info                  CSI    00000051 [sR] Verify complete
2014-05-19 22:44:45, Info                  CSI    00000052 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:45, Info                  CSI    00000053 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:50, Info                  CSI    00000063 [sR] Verify complete
2014-05-19 22:44:50, Info                  CSI    00000064 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:50, Info                  CSI    00000065 [sR] Beginning Verify and Repair transaction
2014-05-19 22:44:55, Info                  CSI    0000007c [sR] Verify complete
2014-05-19 22:44:55, Info                  CSI    0000007d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:44:55, Info                  CSI    0000007e [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:00, Info                  CSI    00000080 [sR] Verify complete
2014-05-19 22:45:00, Info                  CSI    00000081 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:00, Info                  CSI    00000082 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:04, Info                  CSI    00000084 [sR] Verify complete
2014-05-19 22:45:04, Info                  CSI    00000085 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:04, Info                  CSI    00000086 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:09, Info                  CSI    00000088 [sR] Verify complete
2014-05-19 22:45:09, Info                  CSI    00000089 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:09, Info                  CSI    0000008a [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:14, Info                  CSI    0000008c [sR] Verify complete
2014-05-19 22:45:14, Info                  CSI    0000008d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:14, Info                  CSI    0000008e [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:18, Info                  CSI    00000090 [sR] Verify complete
2014-05-19 22:45:18, Info                  CSI    00000091 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:18, Info                  CSI    00000092 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:26, Info                  CSI    000000b5 [sR] Verify complete
2014-05-19 22:45:26, Info                  CSI    000000b6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:26, Info                  CSI    000000b7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:33, Info                  CSI    000000b9 [sR] Verify complete
2014-05-19 22:45:33, Info                  CSI    000000ba [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:33, Info                  CSI    000000bb [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:42, Info                  CSI    000000bd [sR] Verify complete
2014-05-19 22:45:42, Info                  CSI    000000be [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:42, Info                  CSI    000000bf [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:48, Info                  CSI    000000c3 [sR] Verify complete
2014-05-19 22:45:48, Info                  CSI    000000c4 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:48, Info                  CSI    000000c5 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:50, Info                  CSI    000000c7 [sR] Verify complete
2014-05-19 22:45:50, Info                  CSI    000000c8 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:50, Info                  CSI    000000c9 [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:51, Info                  CSI    000000cb [sR] Verify complete
2014-05-19 22:45:51, Info                  CSI    000000cc [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:51, Info                  CSI    000000cd [sR] Beginning Verify and Repair transaction
2014-05-19 22:45:54, Info                  CSI    000000cf [sR] Verify complete
2014-05-19 22:45:54, Info                  CSI    000000d0 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:45:54, Info                  CSI    000000d1 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:01, Info                  CSI    000000ea [sR] Verify complete
2014-05-19 22:46:01, Info                  CSI    000000eb [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:01, Info                  CSI    000000ec [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:03, Info                  CSI    000000ee [sR] Verify complete
2014-05-19 22:46:03, Info                  CSI    000000ef [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:03, Info                  CSI    000000f0 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:07, Info                  CSI    000000f2 [sR] Verify complete
2014-05-19 22:46:07, Info                  CSI    000000f3 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:07, Info                  CSI    000000f4 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:08, Info                  CSI    000000f6 [sR] Verify complete
2014-05-19 22:46:09, Info                  CSI    000000f7 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:09, Info                  CSI    000000f8 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:14, Info                  CSI    000000fb [sR] Verify complete
2014-05-19 22:46:14, Info                  CSI    000000fc [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:14, Info                  CSI    000000fd [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:21, Info                  CSI    00000100 [sR] Verify complete
2014-05-19 22:46:21, Info                  CSI    00000101 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:21, Info                  CSI    00000102 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:24, Info                  CSI    00000104 [sR] Verify complete
2014-05-19 22:46:24, Info                  CSI    00000105 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:24, Info                  CSI    00000106 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:26, Info                  CSI    00000108 [sR] Verify complete
2014-05-19 22:46:26, Info                  CSI    00000109 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:26, Info                  CSI    0000010a [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:31, Info                  CSI    0000010c [sR] Verify complete
2014-05-19 22:46:31, Info                  CSI    0000010d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:31, Info                  CSI    0000010e [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:35, Info                  CSI    00000110 [sR] Verify complete
2014-05-19 22:46:35, Info                  CSI    00000111 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:35, Info                  CSI    00000112 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:41, Info                  CSI    00000114 [sR] Verify complete
2014-05-19 22:46:41, Info                  CSI    00000115 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:41, Info                  CSI    00000116 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:49, Info                  CSI    00000127 [sR] Verify complete
2014-05-19 22:46:49, Info                  CSI    00000128 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:49, Info                  CSI    00000129 [sR] Beginning Verify and Repair transaction
2014-05-19 22:46:54, Info                  CSI    00000132 [sR] Verify complete
2014-05-19 22:46:54, Info                  CSI    00000133 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:46:54, Info                  CSI    00000134 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:04, Info                  CSI    00000136 [sR] Verify complete
2014-05-19 22:47:04, Info                  CSI    00000137 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:04, Info                  CSI    00000138 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:09, Info                  CSI    0000013a [sR] Verify complete
2014-05-19 22:47:09, Info                  CSI    0000013b [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:09, Info                  CSI    0000013c [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:17, Info                  CSI    0000013f [sR] Verify complete
2014-05-19 22:47:17, Info                  CSI    00000140 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:17, Info                  CSI    00000141 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:22, Info                  CSI    00000143 [sR] Verify complete
2014-05-19 22:47:22, Info                  CSI    00000144 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:22, Info                  CSI    00000145 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:26, Info                  CSI    00000147 [sR] Verify complete
2014-05-19 22:47:27, Info                  CSI    00000148 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:27, Info                  CSI    00000149 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:30, Info                  CSI    0000014b [sR] Verify complete
2014-05-19 22:47:31, Info                  CSI    0000014c [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:31, Info                  CSI    0000014d [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:34, Info                  CSI    00000151 [sR] Verify complete
2014-05-19 22:47:34, Info                  CSI    00000152 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:34, Info                  CSI    00000153 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:44, Info                  CSI    00000155 [sR] Verify complete
2014-05-19 22:47:44, Info                  CSI    00000156 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:44, Info                  CSI    00000157 [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:51, Info                  CSI    0000015a [sR] Verify complete
2014-05-19 22:47:51, Info                  CSI    0000015b [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:51, Info                  CSI    0000015c [sR] Beginning Verify and Repair transaction
2014-05-19 22:47:57, Info                  CSI    0000015e [sR] Verify complete
2014-05-19 22:47:57, Info                  CSI    0000015f [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:47:57, Info                  CSI    00000160 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:01, Info                  CSI    00000163 [sR] Verify complete
2014-05-19 22:48:02, Info                  CSI    00000164 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:02, Info                  CSI    00000165 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:08, Info                  CSI    00000168 [sR] Verify complete
2014-05-19 22:48:08, Info                  CSI    00000169 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:08, Info                  CSI    0000016a [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:13, Info                  CSI    0000016c [sR] Verify complete
2014-05-19 22:48:13, Info                  CSI    0000016d [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:13, Info                  CSI    0000016e [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:18, Info                  CSI    00000170 [sR] Verify complete
2014-05-19 22:48:18, Info                  CSI    00000171 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:18, Info                  CSI    00000172 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:21, Info                  CSI    00000174 [sR] Verify complete
2014-05-19 22:48:21, Info                  CSI    00000175 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:21, Info                  CSI    00000176 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:26, Info                  CSI    00000179 [sR] Verify complete
2014-05-19 22:48:26, Info                  CSI    0000017a [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:26, Info                  CSI    0000017b [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:31, Info                  CSI    0000017d [sR] Verify complete
2014-05-19 22:48:31, Info                  CSI    0000017e [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:31, Info                  CSI    0000017f [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:34, Info                  CSI    00000181 [sR] Verify complete
2014-05-19 22:48:34, Info                  CSI    00000182 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:34, Info                  CSI    00000183 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:39, Info                  CSI    00000186 [sR] Verify complete
2014-05-19 22:48:39, Info                  CSI    00000187 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:39, Info                  CSI    00000188 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:45, Info                  CSI    0000018b [sR] Verify complete
2014-05-19 22:48:45, Info                  CSI    0000018c [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:45, Info                  CSI    0000018d [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:50, Info                  CSI    00000190 [sR] Verify complete
2014-05-19 22:48:50, Info                  CSI    00000191 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:50, Info                  CSI    00000192 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:55, Info                  CSI    00000195 [sR] Verify complete
2014-05-19 22:48:55, Info                  CSI    00000196 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:55, Info                  CSI    00000197 [sR] Beginning Verify and Repair transaction
2014-05-19 22:48:59, Info                  CSI    00000199 [sR] Verify complete
2014-05-19 22:48:59, Info                  CSI    0000019a [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:48:59, Info                  CSI    0000019b [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:00, Info                  CSI    0000019d [sR] Verify complete
2014-05-19 22:49:00, Info                  CSI    0000019e [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:00, Info                  CSI    0000019f [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:03, Info                  CSI    000001a1 [sR] Verify complete
2014-05-19 22:49:03, Info                  CSI    000001a2 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:03, Info                  CSI    000001a3 [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:07, Info                  CSI    000001a5 [sR] Verify complete
2014-05-19 22:49:07, Info                  CSI    000001a6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:07, Info                  CSI    000001a7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:11, Info                  CSI    000001a9 [sR] Verify complete
2014-05-19 22:49:11, Info                  CSI    000001aa [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:11, Info                  CSI    000001ab [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:14, Info                  CSI    000001ad [sR] Verify complete
2014-05-19 22:49:14, Info                  CSI    000001ae [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:14, Info                  CSI    000001af [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:17, Info                  CSI    000001b1 [sR] Verify complete
2014-05-19 22:49:17, Info                  CSI    000001b2 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:17, Info                  CSI    000001b3 [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:29, Info                  CSI    000001b5 [sR] Verify complete
2014-05-19 22:49:29, Info                  CSI    000001b6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:29, Info                  CSI    000001b7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:49:55, Info                  CSI    000001b9 [sR] Verify complete
2014-05-19 22:49:55, Info                  CSI    000001ba [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:49:55, Info                  CSI    000001bb [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:00, Info                  CSI    000001bd [sR] Verify complete
2014-05-19 22:50:00, Info                  CSI    000001be [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:00, Info                  CSI    000001bf [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:05, Info                  CSI    000001c1 [sR] Verify complete
2014-05-19 22:50:05, Info                  CSI    000001c2 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:05, Info                  CSI    000001c3 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:07, Info                  CSI    000001c5 [sR] Verify complete
2014-05-19 22:50:07, Info                  CSI    000001c6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:07, Info                  CSI    000001c7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:10, Info                  CSI    000001c9 [sR] Verify complete
2014-05-19 22:50:10, Info                  CSI    000001ca [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:10, Info                  CSI    000001cb [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:14, Info                  CSI    000001cd [sR] Verify complete
2014-05-19 22:50:14, Info                  CSI    000001ce [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:14, Info                  CSI    000001cf [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:17, Info                  CSI    000001d1 [sR] Verify complete
2014-05-19 22:50:18, Info                  CSI    000001d2 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:18, Info                  CSI    000001d3 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:19, Info                  CSI    000001d5 [sR] Verify complete
2014-05-19 22:50:19, Info                  CSI    000001d6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:19, Info                  CSI    000001d7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:24, Info                  CSI    000001df [sR] Verify complete
2014-05-19 22:50:24, Info                  CSI    000001e0 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:24, Info                  CSI    000001e1 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:27, Info                  CSI    000001e3 [sR] Verify complete
2014-05-19 22:50:27, Info                  CSI    000001e4 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:27, Info                  CSI    000001e5 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:30, Info                  CSI    000001e7 [sR] Verify complete
2014-05-19 22:50:30, Info                  CSI    000001e8 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:30, Info                  CSI    000001e9 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:33, Info                  CSI    000001eb [sR] Verify complete
2014-05-19 22:50:33, Info                  CSI    000001ec [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:33, Info                  CSI    000001ed [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:38, Info                  CSI    000001ef [sR] Verify complete
2014-05-19 22:50:38, Info                  CSI    000001f0 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:38, Info                  CSI    000001f1 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:43, Info                  CSI    000001f4 [sR] Verify complete
2014-05-19 22:50:44, Info                  CSI    000001f5 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:44, Info                  CSI    000001f6 [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:47, Info                  CSI    000001f8 [sR] Verify complete
2014-05-19 22:50:47, Info                  CSI    000001f9 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:47, Info                  CSI    000001fa [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:49, Info                  CSI    000001fc [sR] Verify complete
2014-05-19 22:50:49, Info                  CSI    000001fd [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:49, Info                  CSI    000001fe [sR] Beginning Verify and Repair transaction
2014-05-19 22:50:55, Info                  CSI    00000201 [sR] Verify complete
2014-05-19 22:50:55, Info                  CSI    00000202 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:50:55, Info                  CSI    00000203 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:04, Info                  CSI    00000207 [sR] Verify complete
2014-05-19 22:51:04, Info                  CSI    00000208 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:04, Info                  CSI    00000209 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:11, Info                  CSI    0000020e [sR] Verify complete
2014-05-19 22:51:11, Info                  CSI    0000020f [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:11, Info                  CSI    00000210 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:17, Info                  CSI    00000216 [sR] Verify complete
2014-05-19 22:51:17, Info                  CSI    00000217 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:17, Info                  CSI    00000218 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:25, Info                  CSI    00000221 [sR] Verify complete
2014-05-19 22:51:25, Info                  CSI    00000222 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:25, Info                  CSI    00000223 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:30, Info                  CSI    00000228 [sR] Verify complete
2014-05-19 22:51:30, Info                  CSI    00000229 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:30, Info                  CSI    0000022a [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:34, Info                  CSI    0000022e [sR] Verify complete
2014-05-19 22:51:34, Info                  CSI    0000022f [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:34, Info                  CSI    00000230 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:38, Info                  CSI    00000232 [sR] Verify complete
2014-05-19 22:51:38, Info                  CSI    00000233 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:38, Info                  CSI    00000234 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:43, Info                  CSI    00000251 [sR] Verify complete
2014-05-19 22:51:43, Info                  CSI    00000252 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:43, Info                  CSI    00000253 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:47, Info                  CSI    0000025d [sR] Verify complete
2014-05-19 22:51:48, Info                  CSI    0000025e [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:48, Info                  CSI    0000025f [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:52, Info                  CSI    00000261 [sR] Verify complete
2014-05-19 22:51:52, Info                  CSI    00000262 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:52, Info                  CSI    00000263 [sR] Beginning Verify and Repair transaction
2014-05-19 22:51:58, Info                  CSI    00000265 [sR] Verify complete
2014-05-19 22:51:58, Info                  CSI    00000266 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:51:58, Info                  CSI    00000267 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:00, Info                  CSI    00000269 [sR] Verify complete
2014-05-19 22:52:01, Info                  CSI    0000026a [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:01, Info                  CSI    0000026b [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:04, Info                  CSI    00000279 [sR] Verify complete
2014-05-19 22:52:04, Info                  CSI    0000027a [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:04, Info                  CSI    0000027b [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:10, Info                  CSI    00000281 [sR] Verify complete
2014-05-19 22:52:10, Info                  CSI    00000282 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:10, Info                  CSI    00000283 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:14, Info                  CSI    0000028d [sR] Verify complete
2014-05-19 22:52:15, Info                  CSI    0000028e [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:15, Info                  CSI    0000028f [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:17, Info                  CSI    00000291 [sR] Verify complete
2014-05-19 22:52:17, Info                  CSI    00000292 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:17, Info                  CSI    00000293 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:22, Info                  CSI    00000296 [sR] Verify complete
2014-05-19 22:52:22, Info                  CSI    00000297 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:22, Info                  CSI    00000298 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:24, Info                  CSI    0000029a [sR] Verify complete
2014-05-19 22:52:24, Info                  CSI    0000029b [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:24, Info                  CSI    0000029c [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:28, Info                  CSI    0000029e [sR] Verify complete
2014-05-19 22:52:29, Info                  CSI    0000029f [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:29, Info                  CSI    000002a0 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:32, Info                  CSI    000002a2 [sR] Verify complete
2014-05-19 22:52:32, Info                  CSI    000002a3 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:32, Info                  CSI    000002a4 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:36, Info                  CSI    000002a6 [sR] Verify complete
2014-05-19 22:52:36, Info                  CSI    000002a7 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:36, Info                  CSI    000002a8 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:42, Info                  CSI    000002c2 [sR] Verify complete
2014-05-19 22:52:43, Info                  CSI    000002c3 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:43, Info                  CSI    000002c4 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:54, Info                  CSI    000002c6 [sR] Verify complete
2014-05-19 22:52:54, Info                  CSI    000002c7 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:54, Info                  CSI    000002c8 [sR] Beginning Verify and Repair transaction
2014-05-19 22:52:58, Info                  CSI    000002ca [sR] Verify complete
2014-05-19 22:52:58, Info                  CSI    000002cb [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:52:58, Info                  CSI    000002cc [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:02, Info                  CSI    000002ce [sR] Verify complete
2014-05-19 22:53:02, Info                  CSI    000002cf [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:02, Info                  CSI    000002d0 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:05, Info                  CSI    000002d4 [sR] Verify complete
2014-05-19 22:53:05, Info                  CSI    000002d5 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:05, Info                  CSI    000002d6 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:09, Info                  CSI    000002d8 [sR] Verify complete
2014-05-19 22:53:09, Info                  CSI    000002d9 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:09, Info                  CSI    000002da [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:14, Info                  CSI    000002dc [sR] Verify complete
2014-05-19 22:53:14, Info                  CSI    000002dd [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:14, Info                  CSI    000002de [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:18, Info                  CSI    000002e0 [sR] Verify complete
2014-05-19 22:53:18, Info                  CSI    000002e1 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:18, Info                  CSI    000002e2 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:23, Info                  CSI    000002e5 [sR] Verify complete
2014-05-19 22:53:23, Info                  CSI    000002e6 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:23, Info                  CSI    000002e7 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:26, Info                  CSI    000002e9 [sR] Verify complete
2014-05-19 22:53:26, Info                  CSI    000002ea [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:26, Info                  CSI    000002eb [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:31, Info                  CSI    000002ed [sR] Verify complete
2014-05-19 22:53:31, Info                  CSI    000002ee [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:31, Info                  CSI    000002ef [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:35, Info                  CSI    000002f1 [sR] Verify complete
2014-05-19 22:53:35, Info                  CSI    000002f2 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:35, Info                  CSI    000002f3 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:39, Info                  CSI    000002f6 [sR] Verify complete
2014-05-19 22:53:39, Info                  CSI    000002f7 [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:39, Info                  CSI    000002f8 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:44, Info                  CSI    000002fa [sR] Verify complete
2014-05-19 22:53:44, Info                  CSI    000002fb [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:44, Info                  CSI    000002fc [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:48, Info                  CSI    000002fe [sR] Verify complete
2014-05-19 22:53:48, Info                  CSI    000002ff [sR] Verifying 100 (0x0000000000000064) components
2014-05-19 22:53:48, Info                  CSI    00000300 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:52, Info                  CSI    00000302 [sR] Verify complete
2014-05-19 22:53:52, Info                  CSI    00000303 [sR] Verifying 81 (0x0000000000000051) components
2014-05-19 22:53:52, Info                  CSI    00000304 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:55, Info                  CSI    00000306 [sR] Verify complete
2014-05-19 22:53:55, Info                  CSI    00000307 [sR] Repairing 0 components
2014-05-19 22:53:55, Info                  CSI    00000308 [sR] Beginning Verify and Repair transaction
2014-05-19 22:53:55, Info                  CSI    0000030a [sR] Repair complete

--------------------------

 


Ran FRST again - here are the logs...

 

c8w

 

---------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by c8w (administrator) on C8W-PC on 20-05-2014 14:01:49
Running from C:\Users\c8w\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3816254454-4028438852-541787986-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\c8w\AppData\Roaming\Mozilla\Firefox\Profiles\gyhwcxv2.default
FF Homepage: hxxp://www.espncricinfo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 23:20 - 2014-05-20 03:19 - 00000168 _____ () C:\Windows\setupact.log
2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 23:15 - 2014-05-19 23:15 - 00000829 _____ () C:\Users\c8w\Desktop\CCleaner.lnk
2014-05-19 23:15 - 2014-05-19 23:15 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-19 23:15 - 2014-05-19 23:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 23:14 - 2014-05-19 23:14 - 03671432 _____ (Piriform Ltd) C:\Users\c8w\Downloads\ccsetup413_slim.exe
2014-05-19 23:09 - 2014-05-19 23:09 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-19 23:09 - 2014-05-19 23:09 - 00000000 ____D () C:\CC Support
2014-05-19 23:08 - 2014-05-19 23:08 - 04009167 _____ () C:\Users\c8w\Downloads\ServicesRepair.exe
2014-05-19 23:07 - 2014-05-19 23:07 - 00038586 _____ () C:\Users\c8w\Desktop\sfcdetails.txt
2014-05-17 22:02 - 2014-05-19 23:24 - 00000914 _____ () C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 22:02 - 2014-05-19 23:24 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 22:02 - 2014-05-19 23:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-17 22:02 - 2014-05-17 22:02 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Malwarebytes
2014-05-17 22:02 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 22:02 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 22:02 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 21:59 - 2014-05-17 22:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-17 21:32 - 2014-05-17 21:32 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0(1).exe
2014-05-16 22:40 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\c8w\Downloads\FRST-OlderVersion
2014-05-16 16:58 - 2014-05-16 16:58 - 00000000 ____D () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio
2014-05-16 16:55 - 2014-05-16 16:55 - 03589534 _____ () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio.zip
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\c8w\Downloads\geek
2014-05-16 16:46 - 2014-05-16 16:46 - 02455055 _____ () C:\Users\c8w\Downloads\geek.zip
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\_OTL
2014-05-16 00:19 - 2014-05-16 00:19 - 00040060 _____ () C:\Users\c8w\Downloads\Extras.Txt
2014-05-16 00:18 - 2014-05-16 00:18 - 00081480 _____ () C:\Users\c8w\Downloads\OTL.Txt
2014-05-15 20:47 - 2014-05-15 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\c8w\Downloads\OTL.exe
2014-05-15 19:11 - 2014-05-15 19:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:03 - 2014-05-15 19:03 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 18:41 - 2014-05-15 18:41 - 00016594 _____ () C:\FixitRegBackup.reg
2014-05-15 18:39 - 2014-05-15 18:39 - 00899584 _____ () C:\Users\c8w\Downloads\MicrosoftFixit50535.msi
2014-05-15 18:34 - 2014-05-15 18:34 - 00869456 _____ () C:\Users\c8w\Downloads\Norton_Removal_Tool.exe
2014-05-15 16:54 - 2014-05-20 14:01 - 00000000 ____D () C:\FRST
2014-05-15 16:51 - 2014-05-15 16:53 - 00000000 ____D () C:\Fixes
2014-05-15 14:04 - 2014-05-15 14:08 - 00000000 ___SD () C:\ComboFix
2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Screensaver
2014-05-15 03:02 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:02 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:02 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:02 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 02:31 - 2014-05-20 14:02 - 00006396 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-15 02:31 - 2014-05-16 22:41 - 00015793 _____ () C:\Users\c8w\Downloads\Addition.txt
2014-05-15 02:29 - 2014-05-15 02:31 - 00000000 ____D () C:\Users\c8w\Downloads\FRST
2014-05-15 02:28 - 2014-05-16 22:40 - 02067456 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-14 19:31 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:31 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:31 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:31 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 01:42 - 2014-05-09 02:09 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-09 01:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-09 01:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-09 01:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-08 23:38 - 2014-05-15 14:04 - 00000000 ____D () C:\Qoobox
2014-05-08 23:37 - 2014-05-09 01:58 - 00000000 ____D () C:\Windows\erdnt
2014-05-08 23:36 - 2014-05-13 06:54 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 20:47 - 2014-05-13 06:53 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:38 - 2014-04-29 20:39 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 03:20 - 2014-04-29 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 01:25 - 2014-04-29 07:32 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-27 07:39 - 2014-04-27 07:48 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 07:37 - 2014-05-15 16:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-21 23:08 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-21 23:08 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 23:08 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 23:08 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 23:08 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-21 23:08 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 23:08 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 23:08 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 23:08 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 23:08 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 23:08 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 23:08 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 23:08 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 23:08 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 23:08 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 23:08 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 23:08 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 23:08 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 23:08 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 23:08 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 23:08 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 23:08 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 23:08 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 23:08 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 23:08 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 23:08 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 23:08 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 23:08 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-20 14:02 - 2014-05-15 02:31 - 00006396 _____ () C:\Users\c8w\Downloads\FRST.txt
2014-05-20 14:01 - 2014-05-15 16:54 - 00000000 ____D () C:\FRST
2014-05-20 13:59 - 2014-04-04 09:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 13:59 - 2014-04-04 09:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 13:59 - 2014-02-25 16:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 13:59 - 2014-02-24 18:03 - 01841591 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 03:26 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 03:26 - 2009-07-13 23:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 03:19 - 2014-05-19 23:20 - 00000168 _____ () C:\Windows\setupact.log
2014-05-20 03:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 23:24 - 2014-05-17 22:02 - 00000914 _____ () C:\Users\c8w\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 23:24 - 2014-05-17 22:02 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 23:24 - 2014-05-17 22:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-19 23:20 - 2014-05-19 23:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 23:17 - 2009-11-24 12:16 - 00000000 ____D () C:\Windows\Panther
2014-05-19 23:15 - 2014-05-19 23:15 - 00000829 _____ () C:\Users\c8w\Desktop\CCleaner.lnk
2014-05-19 23:15 - 2014-05-19 23:15 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-19 23:15 - 2014-05-19 23:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-19 23:14 - 2014-05-19 23:14 - 03671432 _____ (Piriform Ltd) C:\Users\c8w\Downloads\ccsetup413_slim.exe
2014-05-19 23:09 - 2014-05-19 23:09 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-05-19 23:09 - 2014-05-19 23:09 - 00000000 ____D () C:\CC Support
2014-05-19 23:08 - 2014-05-19 23:08 - 04009167 _____ () C:\Users\c8w\Downloads\ServicesRepair.exe
2014-05-19 23:07 - 2014-05-19 23:07 - 00038586 _____ () C:\Users\c8w\Desktop\sfcdetails.txt
2014-05-17 22:02 - 2014-05-17 22:02 - 00000000 ____D () C:\Users\c8w\AppData\Roaming\Malwarebytes
2014-05-17 22:01 - 2014-05-17 21:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-17 21:32 - 2014-05-17 21:32 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0(1).exe
2014-05-16 22:41 - 2014-05-15 02:31 - 00015793 _____ () C:\Users\c8w\Downloads\Addition.txt
2014-05-16 22:40 - 2014-05-16 22:40 - 00000000 ____D () C:\Users\c8w\Downloads\FRST-OlderVersion
2014-05-16 22:40 - 2014-05-15 02:28 - 02067456 _____ (Farbar) C:\Users\c8w\Downloads\FRST64.exe
2014-05-16 16:58 - 2014-05-16 16:58 - 00000000 ____D () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio
2014-05-16 16:55 - 2014-05-16 16:55 - 03589534 _____ () C:\Users\c8w\Downloads\tweaking.com_windows_repair_aio.zip
2014-05-16 16:48 - 2014-05-16 16:48 - 00000000 ____D () C:\Users\c8w\Downloads\geek
2014-05-16 16:46 - 2014-05-16 16:46 - 02455055 _____ () C:\Users\c8w\Downloads\geek.zip
2014-05-16 16:43 - 2014-05-16 16:43 - 00000000 ____D () C:\_OTL
2014-05-16 09:26 - 2014-02-24 17:12 - 00000000 ____D () C:\Users\c8w
2014-05-16 00:19 - 2014-05-16 00:19 - 00040060 _____ () C:\Users\c8w\Downloads\Extras.Txt
2014-05-16 00:18 - 2014-05-16 00:18 - 00081480 _____ () C:\Users\c8w\Downloads\OTL.Txt
2014-05-15 20:47 - 2014-05-15 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\c8w\Downloads\OTL.exe
2014-05-15 19:12 - 2014-05-15 19:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\c8w\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 19:03 - 2014-05-15 19:03 - 00315392 _____ (Malwarebytes Corporation) C:\Users\c8w\Downloads\mbam-clean-2.0.2.0.exe
2014-05-15 18:41 - 2014-05-15 18:41 - 00016594 _____ () C:\FixitRegBackup.reg
2014-05-15 18:39 - 2014-05-15 18:39 - 00899584 _____ () C:\Users\c8w\Downloads\MicrosoftFixit50535.msi
2014-05-15 18:34 - 2014-05-15 18:34 - 00869456 _____ () C:\Users\c8w\Downloads\Norton_Removal_Tool.exe
2014-05-15 16:53 - 2014-05-15 16:51 - 00000000 ____D () C:\Fixes
2014-05-15 16:05 - 2014-02-24 17:16 - 00000000 ___RD () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:05 - 2014-02-24 17:16 - 00000000 ___RD () C:\Users\c8w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:03 - 2014-04-27 07:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 14:08 - 2014-05-15 14:04 - 00000000 ___SD () C:\ComboFix
2014-05-15 14:04 - 2014-05-08 23:38 - 00000000 ____D () C:\Qoobox
2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Screensaver
2014-05-15 03:01 - 2014-02-26 15:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:00 - 2014-02-26 15:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:31 - 2014-05-15 02:29 - 00000000 ____D () C:\Users\c8w\Downloads\FRST
2014-05-14 18:14 - 2014-05-14 18:14 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(2).exe
2014-05-14 18:05 - 2014-05-14 18:05 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial(1).exe
2014-05-14 18:00 - 2014-05-14 18:00 - 05142080 _____ (McAfee, Inc.) C:\Users\c8w\Downloads\McAfeeSetup-Serial.exe
2014-05-14 08:21 - 2014-03-29 01:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 07:01 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 06:54 - 2014-05-08 23:36 - 05200050 ____R (Swearware) C:\Users\c8w\Downloads\ComboFix.exe
2014-05-13 06:53 - 2014-04-29 20:47 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-05-09 16:37 - 2014-05-09 16:37 - 00000000 ____D () C:\found.003
2014-05-09 02:09 - 2014-05-09 02:09 - 00012873 _____ () C:\Users\c8w\Desktop\dds.txt
2014-05-09 02:09 - 2014-05-09 01:42 - 00006862 _____ () C:\Users\c8w\Desktop\attach.txt
2014-05-09 01:58 - 2014-05-08 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-05-09 01:14 - 2014-05-14 19:31 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 01:11 - 2014-05-14 19:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:13 - 2014-05-08 23:13 - 00688992 ____R (Swearware) C:\Users\c8w\Downloads\dds.com
2014-05-05 23:40 - 2014-05-15 03:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:17 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:25 - 2014-05-15 03:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:07 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 22:00 - 2014-05-15 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 21:10 - 2014-05-15 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-30 14:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 01:25 - 2014-04-30 01:25 - 00002974 _____ () C:\Windows\System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E}
2014-04-30 01:24 - 2014-04-30 01:24 - 00002974 _____ () C:\Windows\System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8}
2014-04-30 01:23 - 2014-04-30 01:23 - 00002974 _____ () C:\Windows\System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12}
2014-04-30 01:06 - 2009-11-24 12:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA}
2014-04-30 00:16 - 2014-04-30 00:16 - 00002976 _____ () C:\Windows\System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A}
2014-04-30 00:15 - 2014-04-30 00:15 - 00002976 _____ () C:\Windows\System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC}
2014-04-30 00:13 - 2014-04-30 00:13 - 00002976 _____ () C:\Windows\System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187}
2014-04-30 00:08 - 2014-04-30 00:08 - 00002976 _____ () C:\Windows\System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23}
2014-04-30 00:06 - 2014-04-30 00:06 - 00002976 _____ () C:\Windows\System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B}
2014-04-29 23:31 - 2014-04-29 23:31 - 00000051 _____ () C:\Users\c8w\AppData\Roaming\mbam.context.scan
2014-04-29 22:31 - 2014-02-25 14:13 - 00000000 ____D () C:\Users\c8w\Desktop\mbar
2014-04-29 20:42 - 2014-04-29 20:42 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-29 20:42 - 2014-04-29 03:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-29 20:39 - 2014-04-29 20:38 - 13829304 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mseinstall.exe
2014-04-29 19:34 - 2014-04-29 19:34 - 00000000 ____D () C:\Mozilla
2014-04-29 19:19 - 2014-04-29 19:19 - 00000000 ____D () C:\Malwarebytes
2014-04-29 07:32 - 2014-04-29 01:25 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 07:32 - 2014-03-13 12:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-29 07:32 - 2009-11-24 13:00 - 00000000 ____D () C:\Users\c8w\Downloads\Norton Internet Security
2014-04-29 07:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-29 06:05 - 2014-02-24 17:27 - 00000000 ____D () C:\Users\c8w\AppData\Local\Cyberlink
2014-04-29 06:04 - 2009-11-24 13:02 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-29 00:32 - 2014-04-29 00:32 - 00000000 ____D () C:\Users\c8w\AppData\Local\SlimWare Utilities Inc
2014-04-28 22:31 - 2014-02-25 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-27 07:48 - 2014-04-27 07:39 - 23843096 _____ (Microsoft Corporation) C:\Users\c8w\Downloads\mpas-fe.exe
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieUserList
2014-04-27 03:29 - 2014-04-27 03:29 - 00000000 __SHD () C:\Users\c8w\AppData\Local\EmieSiteList
2014-04-26 22:12 - 2014-04-26 22:12 - 00021392 ____N () C:\bootsqm.dat
2014-04-26 17:17 - 2014-04-26 17:17 - 00000000 ____D () C:\found.002
2014-04-25 04:25 - 2009-11-24 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-25 02:28 - 2014-04-25 02:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:07 - 2014-04-22 15:07 - 00047366 _____ () C:\Users\c8w\Downloads\players_in_multiple_teams.xlsx
2014-04-22 00:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2009-11-24 12:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by c8w at 2014-05-20 14:02:44
Running from C:\Users\c8w\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-05-2014 07:38:13 ComboFix created restore point
09-05-2014 08:00:11 Windows Update
12-05-2014 09:30:18 Windows Update
15-05-2014 08:00:13 Windows Update
15-05-2014 23:40:41 Installed Microsoft Fix it 50535
16-05-2014 08:00:29 Windows Update
17-05-2014 08:00:28 Windows Update
18-05-2014 08:00:29 Windows Update
18-05-2014 13:52:34 Windows Update
19-05-2014 08:00:14 Windows Update
20-05-2014 08:00:38 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-05-09 01:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {181494F2-268E-46C5-94B0-0EAD8F849A10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated)
Task: {1D0E0BF6-EC91-46EF-A1C9-7590050454EA} - System32\Tasks\{546C245F-021D-4841-BCBF-B5CCBAF6BB4E} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {220EC111-1046-423E-996B-5F2A74CB3047} - System32\Tasks\{3A844978-8933-4FD5-A2AF-4C9C46EAAD23} => Chrome.exe
Task: {246547AB-E353-4CC6-A263-0467834E3DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {292A5730-8337-454F-856D-38CCAFD40527} - System32\Tasks\{4858A3B8-66C3-490B-81A0-013AE815C189} => Chrome.exe
Task: {33608DEB-E373-4D7C-88E6-522D0F385030} - System32\Tasks\{D750335F-8A83-47BB-9D3F-8A099E9EFC2C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {3F7B7FD7-3721-4E39-9685-6FB7BF698116} - System32\Tasks\{F8F5B1E0-EA0E-4A34-B4CD-B66CD1E1FBAD} => Chrome.exe
Task: {6619630B-E22C-49DB-9FF1-DD4ED7D3EF84} - System32\Tasks\{E93F5FF8-6642-4C89-B465-73EE32CC4BEA} => Chrome.exe
Task: {739F9502-CC58-47D5-97E9-ECACF8C5DD8B} - System32\Tasks\{9DDB55DF-F250-4387-B309-97FC4A72ECB8} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {78C2D2A7-CAF7-41B7-9662-DB1C52B9177D} - System32\Tasks\{E4B22DFE-3028-4C59-AFCA-591161C080EC} => Chrome.exe
Task: {794DF342-A4C6-4DD0-835D-6E5E39BA825F} - System32\Tasks\{E09AACA0-3A66-4F72-8DBC-0767B1A72187} => Chrome.exe
Task: {A2467B78-CC20-4B3C-9781-9337BFE1439C} - System32\Tasks\{AD72246F-E1E0-4115-BB4B-9917BF53231C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {A28DAA3A-E310-4C48-ACC4-03B4ABB40B8F} - System32\Tasks\{68FA1D32-AEE2-42B2-B419-292255100C12} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {AD87A770-3E2F-4BBF-B9AC-A938FA2725EA} - System32\Tasks\{CF446B0D-73A6-447F-B4B8-5FDA0398450A} => Chrome.exe
Task: {C9C09651-9F1B-403C-99A5-109D10D3AC29} - System32\Tasks\{3A4766F7-A448-4A41-A5D0-80CDC59C682B} => Chrome.exe
Task: {CDC0D8B4-4097-486A-80EF-8D345E3C829F} - System32\Tasks\{95FB4303-91DE-46F6-B2C4-B6E6149B9EB9} => Chrome.exe
Task: {FCCD2E95-A852-493A-AA70-844B1E59597D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-12-13 21:19 - 2009-12-09 04:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-03-29 01:55 - 2014-03-29 01:55 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 22:33 - 2014-03-11 22:33 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Audio Device
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 03:01:23 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/20/2014 03:01:23 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/20/2014 03:01:05 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/20/2014 03:01:05 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/20/2014 03:00:57 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/20/2014 03:00:57 AM) (Source: MsiInstaller) (EventID: 11719) (User: NT AUTHORITY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (05/19/2014 11:24:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/19/2014 11:24:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/19/2014 11:24:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The keyset is not defined.
.

Error: (05/19/2014 11:24:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa48
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (05/20/2014 03:24:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows 7 for x64-based Systems (KB2871997).

Error: (05/20/2014 03:23:56 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/20/2014 03:21:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated with the following error:
%%-2146893799

Error: (05/20/2014 03:21:55 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070002

Error: (05/20/2014 03:21:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (05/20/2014 03:21:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (05/20/2014 03:19:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
pcw

Error: (05/20/2014 03:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Updater Service service failed to start due to the following error:
%%1053

Error: (05/20/2014 03:19:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.

Error: (05/20/2014 03:19:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147221008


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-09 01:57:21.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-09 01:57:21.648
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 6007.09 MB
Available physical RAM: 4935.64 MB
Total Pagefile: 12012.37 MB
Available Pagefile: 10674.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:917.74 GB) (Free:866.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 55295E62)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 


Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
Post those logs,

Thanks...

Kevin

Ok, did both - both worked. Am attaching both logs...

 

c8w

 

---------------

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/20/2014 10:05:19 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 05/20/2014 10:06:38 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)
 

 

-----------------------

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : c8w [Admin rights]
Mode : Scan -- Date : 05/20/2014 22:14:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7418AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74138A0)
[Address] EAT @explorer.exe (WlanConnect) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7415558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7416D10)
[Address] EAT @explorer.exe (WlanDisconnect) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74157E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7413A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7418394)
[Address] EAT @explorer.exe (WlanFreeMemory) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF741A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7417F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7415268)
[Address] EAT @explorer.exe (WlanGetProfile) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7416A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7417B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7417404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7418D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF741935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7419418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74199D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74194D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF741A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7419B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7419A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7419744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7419D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74191EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74192A4)
[Address] EAT @explorer.exe (WlanIhvControl) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7411960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7413EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7418A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7415A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF741A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7416F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74187D0)
[Address] EAT @explorer.exe (WlanScan) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7413D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7417DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7414470)
[Address] EAT @explorer.exe (WlanSetProfile) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7416760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74178A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7415CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7415F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74171A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7417644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF74181B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : dtsh.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF7418B58)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313DF38)
[Address] EAT @firefox.exe (BeginBufferedPaint) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313B741)
[Address] EAT @firefox.exe (BeginPanningFeedback) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731576AF)
[Address] EAT @firefox.exe (BufferedPaintClear) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313BBDB)
[Address] EAT @firefox.exe (BufferedPaintInit) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313B8D4)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313DE83)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CE19)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313E428)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73147525)
[Address] EAT @firefox.exe (CloseThemeData) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73131FA1)
[Address] EAT @firefox.exe (DrawThemeBackground) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313D464)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7314436D)
[Address] EAT @firefox.exe (DrawThemeEdge) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C01C)
[Address] EAT @firefox.exe (DrawThemeIcon) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315D123)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313E776)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313E5C5)
[Address] EAT @firefox.exe (DrawThemeText) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313DB21)
[Address] EAT @firefox.exe (DrawThemeTextEx) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313A70C)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7314786D)
[Address] EAT @firefox.exe (EnableTheming) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C9FF)
[Address] EAT @firefox.exe (EndBufferedAnimation) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313ACE8)
[Address] EAT @firefox.exe (EndBufferedPaint) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313ACE8)
[Address] EAT @firefox.exe (EndPanningFeedback) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315762C)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313CF26)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CDCF)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CD86)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C893)
[Address] EAT @firefox.exe (GetCurrentThemeName) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731463AE)
[Address] EAT @firefox.exe (GetThemeAppProperties) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313EBD6)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313DA9E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73147155)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73140190)
[Address] EAT @firefox.exe (GetThemeBitmap) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73134B9C)
[Address] EAT @firefox.exe (GetThemeBool) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73136651)
[Address] EAT @firefox.exe (GetThemeColor) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731327C0)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C346)
[Address] EAT @firefox.exe (GetThemeEnumValue) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731327C0)
[Address] EAT @firefox.exe (GetThemeFilename) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B997)
[Address] EAT @firefox.exe (GetThemeFont) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731476A2)
[Address] EAT @firefox.exe (GetThemeInt) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731327C0)
[Address] EAT @firefox.exe (GetThemeIntList) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B86E)
[Address] EAT @firefox.exe (GetThemeMargins) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73132F97)
[Address] EAT @firefox.exe (GetThemeMetric) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731455B4)
[Address] EAT @firefox.exe (GetThemePartSize) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313289F)
[Address] EAT @firefox.exe (GetThemePosition) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B80D)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73140923)
[Address] EAT @firefox.exe (GetThemeRect) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B936)
[Address] EAT @firefox.exe (GetThemeStream) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B8CF)
[Address] EAT @firefox.exe (GetThemeString) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315B7A1)
[Address] EAT @firefox.exe (GetThemeSysBool) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CB86)
[Address] EAT @firefox.exe (GetThemeSysColor) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73145530)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CA32)
[Address] EAT @firefox.exe (GetThemeSysFont) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C3D8)
[Address] EAT @firefox.exe (GetThemeSysInt) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C5E7)
[Address] EAT @firefox.exe (GetThemeSysSize) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CC61)
[Address] EAT @firefox.exe (GetThemeSysString) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315C553)
[Address] EAT @firefox.exe (GetThemeTextExtent) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731389FE)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7314778C)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313E1A1)
[Address] EAT @firefox.exe (GetWindowTheme) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7314535B)
[Address] EAT @firefox.exe (HitTestThemeBackground) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73142DC1)
[Address] EAT @firefox.exe (IsAppThemed) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73147009)
[Address] EAT @firefox.exe (IsCompositionActive) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731365DF)
[Address] EAT @firefox.exe (IsThemeActive) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73146F36)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7313281C)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CB3F)
[Address] EAT @firefox.exe (IsThemePartDefined) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731330CF)
[Address] EAT @firefox.exe (OpenThemeData) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73135F29)
[Address] EAT @firefox.exe (OpenThemeDataEx) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731406FE)
[Address] EAT @firefox.exe (SetThemeAppProperties) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x7315CCEC)
[Address] EAT @firefox.exe (SetWindowTheme) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73147AFC)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73139E39)
[Address] EAT @firefox.exe (ThemeInitApiHook) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x73134571)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : d3d8thk.dll -> HOOKED (C:\Windows\SysWOW64\UxTheme.dll @ 0x731575ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EADS-22M2B0 +++++
--- User ---
[MBR] 7ba4f2fcfa25ab58f2e01e5e59bb7aa3
[bSP] 153db5dba3c0f5a8d3b2ba1099f44160 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14000 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28674048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28878848 | Size: 939767 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Multiple Flash Reader USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05202014_221426.txt >>



 


Those logs are clean, no obvious malware/infection. See if you can re-install Malwarebytes again....

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Malwarebytes to highlight that entry.

 

Select Action from the Menu bar, then Uninstall, and from there follow the prompts.

 

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

 

Next,

 

Download mbam-clean.exe from the following link and save it to your desktop:

 

http://www.malwarebytes.org/mbam-clean.exe

 

Run the tool, make sure the system re-boots when complete..

 

Next,

 

Please download Malwarebytes Anti-Malware to your desktop.


  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post the log...

 

Let me know if MB install is successful, if not post a screen shot of any error alerts....

 

Kevin
